Form 8-K - Current report

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

FORM 8-K

CURRENT REPORT

Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934

Date of Report (Date of earliest event reported)

July 25, 2023

(July 20, 2023)

PACIFIC PREMIER BANCORP, INC.

(Exact name of registrant as specified in its charter)

Delaware

0-22193

33-0743196

(State or other jurisdiction

of incorporation)

(Commission

File Number)

(I.R.S. Employer

Identification No.)

17901 Von Karman Avenue, Suite 1200, Irvine, CA 92614

(Address of principal executive offices) (Zip Code)

Registrant’s telephone number, including area code (949) 864-8000

Not Applicable

(Former name or former address, if changed since last report.)

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:

☐ Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)

☐ Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)

☐ Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))

☐ Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))

Securities registered pursuant to Section 12(b) of the Act:

Title of Each Class

Trading Symbol

Name of Each Exchange on Which Registered

Common Stock, par value $0.01 per share

PPBI

NASDAQ Global Select Market

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§ 230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§ 240.12b-2 of this chapter).

Emerging growth company ☐

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Item 8.01 Other Events.

On July 20, 2023, a third-party vendor (“Vendor”) to Pacific Premier Bank (the “Bank”), the wholly-owned bank subsidiary of Pacific Premier Bancorp, Inc. (together with Bank, the “Company”), confirmed to the Bank that personally identifiable information associated with Bank clients had been compromised in a security incident Vendor experienced (“Vendor Incident”). The Vendor Incident resulted from a zero-day vulnerability in a popular file sharing software Vendor used called MOVEit Transfer (“MOVEit”). Progress Software Corporation developed and maintains MOVEit, which is used by thousands of organizations around the world. According to recent national media reports, the MOVEit zero-day vulnerability was exploited in a large-scale, cyber campaign that is impacting government agencies, universities, and corporations around the world. The Bank uses Vendor for certain tax and compliance operational support services.

As a result of the Vendor Incident, an unauthorized party was able to obtain access to certain Bank client data files in Vendor’s possession that contained social security numbers, account numbers, and other personally identifiable information. The Bank is working with Vendor to provide appropriate notifications to potentially affected parties and to regulatory agencies as required by federal and state law.

The Vendor confirmed that it has implemented the recommended patches released by Progress Software for the MOVEit platform to date and has taken other security measures with respect to file transfers. Upon learning of the Vendor Incident, the Company promptly investigated the matter to determine the scope and nature of any Bank client data that may have been affected. There is no indication the Vendor Incident involved the Company’s internal network or IT systems, and there has been no material interruption to the Company’s business operations.

Due to the apparent widespread scope of the MOVEit vulnerability, the Bank proactively engaged with other third-party vendors to determine any impact on them. With the exception of one third-party vendor who reported that bill payment data in its possession specific to a single client of the Bank had been compromised, each vendor indicated that it was not affected by the MOVEit vulnerability. As of the date of this report, the Bank is not aware of any other third-party incidents related to the MOVEit vulnerability that has affected personally identifiable information associated with Bank clients.

The Company has incurred, and may continue to incur, certain expenses related to the Vendor Incident. Further, the Company remains subject to risks and uncertainties as a result of the Vendor Incident, including litigation risk and additional regulatory scrutiny. While the Company is continuing to evaluate the full scope and impact of the Vendor Incident, the Company currently believes this incident will not have a material adverse effect on its or the Bank’s business, operations, or financial results.

Forward-Looking Statements

This Current Report on Form 8-K contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, Section 21E of the Securities Exchange Act of 1934, as amended, and the Private Securities Litigation Reform Act of 1995 that involve risk and uncertainties. These forward-looking statements are based on our current beliefs, understandings and expectations and may relate to, among other things, statements regarding the security event described herein and its impact on our business, operations and financial results. These forward-looking statements are neither promises nor guarantees, but are subject to a variety of risks and uncertainties, which could cause actual results to differ materially from those contemplated in these forward-looking statements. Factors that could cause actual results to differ materially from those expressed or implied include legal, reputational, and financial risks resulting from this cyber incident, our ongoing investigation of the incident, including the Company’s potential discovery of additional information related to the incident in connection with this investigation, any potential regulatory inquiries and/or litigation to which the Company may become subject in connection with this incident, the extent of remediation and other additional costs that may be incurred by the Company in connection with this incident, the extent of insurance coverage and contractual indemnification, the potential that other third-party vendors may have been affected by the MOVEit vulnerability in a manner that may compromise client data, including personally identifiable information, and the risks set forth in our Annual Report on Form 10-K for the year ended December 31, 2022, filed with the Securities and Exchange Commission on February 24, 2023, our Form 10-Q for the period ended March 31, 2023 filed on April 28, 2023, and our other filings with the Securities and Exchange Commission. The Company undertakes no obligation to revise or update any forward-looking statements, or to make any other forward-looking statements, whether as a result of new information, future events or otherwise.

SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, the Registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.


		PACIFIC PREMIER BANCORP, INC.

Dated:	July 25, 2023	By:	/s/ STEVEN R. GARDNER
			Steven R. Gardner
			Chairman, Chief Executive Officer, and President

Cover Page Cover Page	Jul. 25, 2023
Cover [Abstract]
Document Type	8-K
Document Period End Date	Jul. 25, 2023
Entity Registrant Name	PACIFIC PREMIER BANCORP INC
Entity Central Index Key	0001028918
Amendment Flag	false
Entity Incorporation, State or Country Code	DE
Entity File Number	0-22193
Entity Tax Identification Number	33-0743196
Entity Address, Address Line One	17901 Von Karman Avenue
Entity Address, Address Line Two	Suite 1200
Entity Address, City or Town	Irvine
Entity Address, State or Province	CA
Entity Address, Postal Zip Code	92614
City Area Code	949
Local Phone Number	864-8000
Written Communications	false
Soliciting Material	false
Pre-commencement Tender Offer	false
Pre-commencement Issuer Tender Offer	false
Entity Emerging Growth Company	false
Title of 12(b) Security	Common Stock, par value $0.01 per share
Trading Symbol	PPBI
Security Exchange Name	NASDAQ