MOVEit Cyber Incident Update

A recent global cybersecurity incident involving MOVEit Transfer has resulted in the potential exposure of personal data for millions of individuals around the world. MOVEit Transfer is a popular filesharing software used by government agencies, financial firms, universities, and other well-respected organizations. On May 31, 2023, Progress Software, the owner of MOVEit, announced a previously unknown (aka “zero-day”) vulnerability in its MOVEit Transfer application. That vulnerability, which allowed unauthorized actors to defeat MOVEit’s security measures, was exploited and resulted in the potential exposure of sensitive information for any organization utilizing the software.

A third-party vendor that we use for certain tax and regulatory compliance services, Sovos Compliance, LLC (“Sovos”) recently confirmed to us that it was impacted by the MOVEit incident. Upon learning of the incident, Sovos immediately took the affected application offline and activated its incident response procedures. It also retained outside advisors and cybersecurity experts to assist in its evaluation of the situation, and notified law enforcement. Through its investigation, Sovos determined that unauthorized actors exploited the then-unknown MOVEit vulnerability to download a data file that contained certain personally identifiable information about some of our clients. This file may have contained the affected client’s name, address, date of birth, social security number, driver’s license number, and/or Pacific Premier account number.

While the MOVEit incident did not impact Pacific Premier’s own computer systems, we are working with Sovos to notify all individuals who were affected by this incident. On August 28, 2023, Sovos started sending notification letters to affected individuals and is offering two years of complimentary credit monitoring services through Kroll Information Assurance. To take advantage of these credit monitoring services, please follow the instructions in the letter you receive from Sovos. Sovos has also established a dedicated call center to answer any questions you may have regarding this incident or the services available to you. You can reach a live representative at the Sovos call center by dialing its toll-free number 866.373.7132 anytime Monday through Friday during the hours of 9:00 a.m. to 6:30 p.m. (Eastern Time). If you believe you have been affected by this incident but did not receive a letter from Sovos, please speak with one of our customer service representatives by calling our dedicated call center during normal business hours at 855.305.6245.

Because the MOVEit vulnerability has been so widespread across government agencies and global enterprises, we encourage all clients to be vigilant against attempts at identity theft or fraud and to take proactive measures to protect their information, including the following no-cost steps:

  • Monitor your financial account activity and statements regularly to protect yourself from fraud, identity theft, and unauthorized use of your account.
  • Consider placing fraud alerts or credit freezes with the credit reporting companies. For more information about fraud alerts and credit freezes, visit the Federal Trade Commission's website
  • Stay alert for emails, phone calls, or messages from unknown sources asking for personal or business information.
  • Immediately report any suspicious activity in your Pacific Premier account(s). If you believe you are a victim of identity theft, immediately file a police report and notify the Federal Trade Commission via IdentityTheft.gov. If you believe that your Social Security information has been compromised, contact Social Security Administration’s toll-free number: 800.772.1213.

For more information on fraud prevention, visit our Cybersecurity Center. Additionally, you can use our mobile app or online banking to set up alerts to notify you of activity on your account.

If you have any questions about the incident, you can call us at 855.305.6245.