エドガーで原本を確認する
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM 8-K
CURRENT REPORT
Pursuant to Section 13 OR 15(d) of The Securities Exchange Act of 1934
| Date of Report (Date of earliest event reported): | July 3, 2023 |
Hilltop Holdings Inc.
(Exact name of registrant as specified in its charter)
| Maryland | 1-31987 | 84-1477939 | ||
| (State or other jurisdiction of incorporation) |
(Commission File Number) |
(IRS Employer Identification No.) |
| 6565 Hillcrest Avenue | ||
| Dallas, Texas | 75205 | |
| (Address of principal executive offices) | (Zip Code) |
| Registrant’s telephone number, including area code: | (214) 855-2177 |
(Former name or former address, if changed since last report.)
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions (see General Instruction A.2. below):
¨ Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)
¨ Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)
¨ Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))
¨ Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))
Securities registered pursuant to Section 12(b) of the Act:
| Title of each class | | Trading Symbol | | Name of each exchange on which registered |
| Common Stock, par value $0.01 per share | | HTH | | New York Stock Exchange |
Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 or Rule 12b-2 of the Securities Exchange Act of 1934.
Emerging growth company ¨
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ¨
Section 8 – Other Events
| Item 8.01 | Other Events. |
On June 27, 2023, a third-party vendor (“Vendor”) of PlainsCapital Bank (the “Bank”), a wholly owned subsidiary of Hilltop Holdings Inc. (the “Company”), confirmed to the Bank that data specific to the Bank’s customers was likely obtained in a security incident that the Vendor experienced targeting a zero-day vulnerability (the “Vendor Incident”) in the Vendor’s instance of the MOVEit Transfer Application (“MOVEit”). MOVEit is a managed file transfer software used by thousands of organizations. The Bank uses Vendor’s systems as the Bank’s core operating system. Vendor has advised the Bank that the vulnerability causing the Vendor Incident has been patched.
As a result of this Vendor Incident, an unauthorized party likely obtained information in the Vendor’s possession about substantially all of the Bank’s customers, including social security numbers and account numbers. The Bank is committed to ensuring that appropriate notifications are provided to impacted customers and to regulatory agencies as required by federal and state law. The Bank plans to offer impacted customers, at their election, complimentary credit monitoring and identity restoration services, which will be described in the notifications.
Upon receiving notification of the Vendor Incident, the Company and the Bank, together with the Vendor, promptly launched an investigation to determine the scope and nature of any Bank customer data that may have been impacted. At this time, there is no indication that the Vendor Incident has had any impact on any of the Company’s or the Bank’s information systems or customer access credentials, and there has been no material interruption to the Bank’s business operations. The Company has incurred, and may continue to incur, certain expenses related to this Vendor Incident, including expenses to respond to, remediate and investigate this matter. Further, the Company remains subject to risks and uncertainties as a result of the Vendor Incident, including as a result of the data that was accessed. Additionally, security and privacy incidents have led to, and may continue to lead to, litigation and additional regulatory scrutiny. The Company is in the process of evaluating the full scope of the costs and impact of the Vendor Incident. The Company also is working with other vendors for the Bank and the Company’s broker-dealer and mortgage origination segments to determine whether they were similarly impacted by the MOVEit vulnerability.
Forward-Looking Statements
This Current Report on Form 8-K contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements include statements that are not statements of historical fact, may be identified by words such as “anticipates,” “believes,” “continues,” “could,” “impact,” “intends,” “may,” “plans,” “will” or “would,” or the negative of these words and phrases or similar words or phrases, and include, among other things, statements regarding our current beliefs, understanding and expectations regarding the Vendor Incident and MOVEit vulnerability and its impact on our business, financial condition and results of operations. Forward-looking statements involve known and unknown risks, uncertainties and other factors that may cause our actual results, performance or achievements to be materially different from any future results, performance or achievements anticipated in such statements. Forward-looking statements speak only as of the date they are made and, except as required by law, the Company does not assume any duty to update forward-looking statements. Factors that could cause actual results to differ materially from those expressed or implied by the forward-looking statements include legal, reputational, and financial risks resulting from the Vendor Incident and MOVEit vulnerability, our ongoing investigation of the Vendor Incident and MOVEit vulnerability, including the Company’s potential discovery of additional information related to the Vendor Incident and MOVEit vulnerability in connection with its investigation, any potential regulatory inquiries and/or litigation that the Company may become subject in connection with the Vendor Incident and MOVEit vulnerability, the extent of remediation and other additional costs that may be incurred by the Company in connection with the Vendor Incident and MOVEit vulnerability, the extent of insurance coverage and contractual indemnification, and the risks set forth in our most recent Annual Report on Form 10-K and subsequent Quarterly Reports on Form 10-Q and other reports that are filed with the Securities and Exchange Commission. All forward-looking statements are qualified in their entirety by this cautionary statement.
Section 9 – Financial Statements and Exhibits
| Item 9.01 | Financial Statements and Exhibits. |
| (a) | Financial statements of businesses acquired. |
Not applicable.
| (b) | Pro forma financial information. |
Not applicable.
| (c) | Shell company transactions. |
Not applicable.
| (d) | Exhibits. |
The following exhibit is filed or furnished, depending on the relative item requiring such exhibit, in accordance with the provisions of Item 601 of Regulation S-K and Instruction B.2 to this form.
| Exhibit Number |
Description of Exhibit | |
| 104 | Cover Page Interactive File (formatted as Inline XBRL). |
SIGNATURES
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
| Hilltop Holdings Inc., | ||
| a Maryland corporation | ||
| Date: July 3, 2023 | By: | /s/ COREY G. PRESTIDGE |
| Name: Corey G. Prestidge | ||
| Title: Executive Vice President, General Counsel & Secretary | ||