2023-08-11 COMMUNITY TRUST BANCORP INC /KY/ Cybersecurity Incident

Page last updated on April 11, 2024

COMMUNITY TRUST BANCORP INC /KY/ initially disclosed a cybersecurity incident in an SEC 8-K filing on 2023-08-11 16:49:45 EDT.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date: 2023-08-09
Disclosure Date: 2023-08-11
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)


8-K filed on 2023-08-11

COMMUNITY TRUST BANCORP INC /KY/ filed an 8-K at 2023-08-11 16:49:45 EDT
Accession Number: 0000350852-23-000090

Item 8.01 Other Events.

On May 31, 2023 Progress Software Corporation published information related to a vulnerability in its software tool MOVEit Transfer (“MOVEit”). Community Trust Bancorp, Inc. (“CTBI”) does not use MOVEit on its internal networks. However, on Wednesday, August 9, 2023, CTBI received written notice from a third party prominent financial institution vendor that certain of CTBI’s customer data was potentially accessed due to the vendor’s utilization of MOVEit in its service offering to CTBI. Based on the investigation to date, including information provided from the vendor, CTBI’s customers could have had personal information copied through the cyberattack. The vendor confirmed that it implemented the recommended patches released by Progress Software Corporation for the MOVEit platform. CTBI worked with the vendor to determine the potentially impacted customers and the extent of information potentially exposed, and CTBI is notifying potentially affected customers appropriately. The incident did not impact the ongoing operations of CTBI, and CTBI carries cyber insurance which it expects to cover many of the costs related to the incident.

Company Information

SIC DescriptionState Commercial Banks
TickerCTBI - Nasdaq
CategoryAccelerated filer
Fiscal Year EndDecember 30