Form 8-K - Current report

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 8-K

CURRENT REPORT

PURSUANT TO SECTION 13 OR 15(d) OF

THE SECURITIES EXCHANGE ACT OF 1934

Date of Report (Date of earliest event reported): July 10, 2023

1st Source Corporation

(Exact name of registrant as specified in its charter)


Indiana	0-6233	35-1068133
(State or other jurisdiction of incorporation)	(Commission File No.)	(I.R.S. Employer Identification No.)

100 North Michigan Street, South Bend, Indiana 46601

(Address of principal executive offices) (Zip Code)

574-235-2000

(Registrant's telephone number, including area code)

Not Applicable

(Former name or former address, if changed since last report)

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:

☐ Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)

☐ Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)

☐ Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))

☐ Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))

Securities registered pursuant to Section 12(b) of the Act:

Title of each class

Trading Symbol(s)

Name of each exchange on which registered

Common Stock - without par value

SRCE

The NASDAQ Stock Market LLC

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter). Emerging growth company ☐

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. o

ITEM 8.01 Other Events.

On May 31, 2023, a vendor to 1st Source Bank, a wholly owned subsidiary of 1st Source Corporation (the “Company”), Progress Software Corporation (“Vendor”), disclosed a previously unknown vulnerability in its MOVEit file transfer software (“MOVEit”) that could enable malicious actors to gain unauthorized access to sensitive files and information. MOVEit is used by thousands of organizations for secure data file transfers and is now the subject of a widely reported cybersecurity event impacting numerous organizations and governmental agencies around the world. The Company uses MOVEit for secure file transfers supporting internal operations and client services.

Upon learning of the vulnerability, the Company promptly deployed cybersecurity defenses. This included patching the software according to the Vendor’s published protocols, hardening of the host server containing the MOVEit software, and launching an internal investigation in partnership with outside independent cybersecurity forensic experts. The Company’s investigation is ongoing, and it is also in contact with law enforcement and regulatory authorities.

As part of its continuing investigation, the Company discovered that an unauthorized third-party gained access to sensitive client data of commercial and individual clients, including personally identifiable information. The Company has notified and is working with its commercial clients so impacted and is in the process now of identifying and directly notifying individual clients who have been impacted. The Company will ensure that appropriate notifications are provided to impacted individuals who will be offered complimentary credit monitoring and identity restoration services. These will be described in the notifications.

While the investigation is still ongoing, the vulnerability has been contained and there is no indication that there has been any impact on any of the Company’s information systems other than the MOVEit application. There has been no interruption to the Company’s systems, services, or business operations. The Company is aware that certain of its critical vendors may also have been impacted by the same vulnerability, as it believes every user of this version of MOVEit software was, and that the Company’s data processed and/or stored by such vendors may have been impacted. While the Company has not received any notification that this happened, it will assess and respond to any impacts as part of its ongoing investigation or if so notified.

The Company is continuing to evaluate the impact of the vulnerability, including certain remediation expenses and other potential liabilities. The Company does not currently believe the incident will have a material adverse effect on its business, operations, or financial results.

Note Regarding Forward-Looking Statements

This periodic report on Form 8-K contains statements that are “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. The Company identifies some of these forward-looking statements with words like “believe,” “may,” “could,” “would,” “will,” “might,” “should,” “expect,” “intend,” “plan,” “target,” “anticipate” and “continue,” the negative of these words, other terms of similar meaning or the use of future dates. Forward-looking statements in this report include, but are not limited to, statements regarding the actual or potential impact of the MOVEit vulnerability, and financial guidance related thereto. There are a number of factors that could cause actual results or future events to differ materially from those anticipated by the forward-looking statements. For further information regarding risks and uncertainties associated with the Company’s business, please refer to the Company’s filings with the Securities and Exchange Commission (the “SEC”), including its Annual Report on Form 10-K for the fiscal year ended December 31, 2022, which was filed with the SEC on February 16, 2023. The Company undertakes no obligation to update any forward-looking statements, which speak only as of the date of this current report on Form 8-K.

SIGNATURE

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.


						1st SOURCE CORPORATION
						(Registrant)


Date: July 10, 2023						/s/ BRETT A. BAUER
						Brett A. Bauer
						Treasurer and Chief Financial Officer
						Principal Accounting Officer

Document and Entity Information	Jul. 10, 2023
Document and Entity Information
Document Type	8-K
Document Period End Date	Jul. 10, 2023
Entity Registrant Name	1st Source Corp
Entity Incorporation, State or Country Code	IN
Entity File Number	0-6233
Entity Tax Identification Number	35-1068133
Entity Address, Address Line One	100 North Michigan Street
Entity Address, City or Town	South Bend
Entity Address, State or Province	IN
Entity Address, Postal Zip Code	46601
City Area Code	574
Local Phone Number	235-2000
Written Communications	false
Soliciting Material	false
Pre-commencement Tender Offer	false
Pre-commencement Issuer Tender Offer	false
Title of 12(b) Security	Common Stock - without par value
Trading Symbol	SRCE
Security Exchange Name	NASDAQ
Entity Emerging Growth Company	false
Amendment Flag	false
Entity Central Index Key	0000034782