River Financial Corporation filed an amended 8-K on July 10, 2026, providing an update on the material cybersecurity incident it first disclosed on June 19. The company confirmed that an unauthorized threat actor not only accessed portions of its network but also removed certain data from its environment.
Investigation Continues
River is still working to determine the nature and scope of the information that was taken, including whether any personally identifiable information was affected. The company stated that, to date, it has not received any reports of fraud directly resulting from the incident. The full nature, scope, and impact of the breach have not yet been determined, and River has not confirmed whether the incident is reasonably likely to materially impact its business or financial condition. The company committed to filing another amendment within four business days after that determination can be made.
Litigation Emerges
Following the public disclosure of the ransomware attack, two class action lawsuits were filed against River Financial relating to the incident. The company said it is evaluating the complaints and intends to respond in the ordinary course of business. River also cautioned that additional claims or litigation may be asserted as the situation develops.
The filing represents a progression from the initial incident report, which had described the company's response efforts including engagement of internal cybersecurity personnel, external experts, and coordination with law enforcement and cybersecurity regulators. The emergence of class action litigation adds a legal dimension to what had initially been an operational and investigative matter. Investors will be watching for the company's next update, which should clarify whether customer data was compromised and whether the financial impact will be material.