Ransomware hits River Financial (RVRF), disrupting some operations

Filing Impact

(Moderate)

Filing Sentiment

(Neutral)

Form Type

8-K

Rhea-AI Filing Summary

River Financial Corporation reported a cybersecurity incident involving ransomware affecting its network, including River Bank & Trust. An unauthorized threat actor accessed its environment on or about June 16, 2026, and ransomware was deployed across parts of its server infrastructure, discovered on or about June 19, 2026.

The company quickly disabled affected administrative accounts and took impacted systems offline, and is working with a third-party forensic firm and external cybersecurity professionals to investigate and restore operations. The investigation into whether any personally identifiable information was accessed or taken is ongoing, and River has not yet determined whether the incident is reasonably likely to materially impact its business or financial condition. The company plans to amend this report within four business days after it determines additional information is available.

Positive

None.

Negative

Ransomware attack and operational disruption: An unauthorized threat actor deployed ransomware across parts of River’s server environment, impacting certain operations while the company investigates the scope, data exposure, and potential business or financial effects.

Insights

River discloses a ransomware attack with unresolved business impact.

River Financial Corporation describes a ransomware incident affecting portions of its server environment and some operations. The company has contained the attack by disabling affected administrative accounts and taking systems offline, and has engaged a third-party forensic firm and external cybersecurity professionals.

The filing states that the full nature, scope, and impact of the incident are not yet known, including whether any personally identifiable information was accessed or exfiltrated. It also notes that River has not determined whether the event is reasonably likely to materially affect its business or financial condition.

The company indicates it will amend this report within four business days after additional information is available. Future disclosures in company filings may clarify operational disruption, potential data exposure, and any financial consequences linked to remediation, potential liabilities, or longer-term cybersecurity investments.

8-K Event Classification

2 items: 1.05, 9.01

2 items

Item 1.05 Material Cybersecurity Incidents Business

A cybersecurity incident that the company has determined to be material to investors.

Item 9.01 Financial Statements and Exhibits Exhibits

Financial statements, pro forma financial information, and exhibit attachments filed with this report.

Key Figures

Approximate incident date: June 16, 2026 Detection date: June 19, 2026 Planned amendment timing: Within four business days +1 more

4 metrics

Approximate incident date June 16, 2026 Unauthorized access and ransomware deployment occurred on or about this date

Detection date June 19, 2026 Company identified malicious activity on or about this date

Planned amendment timing Within four business days River will amend the report after additional information becomes available

Filing signature date June 25, 2026 Date the report was signed by the Chief Executive Officer

Key Terms

Material Cybersecurity Incidents, ransomware, personally identifiable information, third-party forensic firm, +1 more

5 terms

Material Cybersecurity Incidents regulatory

"ITEM 1.05 Material Cybersecurity Incidents."

ransomware technical

"determined that ransomware had been deployed across portions of its server environment."

Ransomware is malicious software that locks or encrypts a company’s computer files and systems, then demands payment for their release — like a thief changing the locks on a business and asking for a ransom. It matters to investors because attacks can halt operations, trigger large cleanup costs, damage customer trust, lead to regulatory fines or legal claims, and reduce future revenue, all of which can hurt a company’s financial value.

personally identifiable information technical

"including whether any personally identifiable information was subject to unauthorized access or exfiltration."

Personally identifiable information (PII) is any data that can directly or indirectly identify a single person — for example: full name, home address, national ID numbers, phone or email, financial account details, or unique biometric data. Investors care because mishandling or loss of PII can trigger regulatory fines, costly cleanup and lost customer trust; think of a data breach like losing the keys to many customers’ homes, which can hurt a company’s finances and stock value.

third-party forensic firm technical

"River, with the assistance of a third-party forensic firm, is investigating the nature and scope of the incident"

emerging growth company regulatory

"Emerging growth company "

An emerging growth company is a recently public or smaller public firm that qualifies for temporary, lighter regulatory and disclosure rules to reduce the cost and effort of being public. For investors, it means the company may provide less historical financial detail and face fewer reporting requirements than larger firms, so it can grow more quickly but also carries higher uncertainty—like buying a promising early-stage product with fewer user reviews.

See more from StockTitan in Google Search and AI answers. Adds StockTitan as a preferred source · opens Google

Add on Google

Understanding 8-K Material Events →

Available on EDGAR 06/25/2026 - 04:52 PM Accepted by SEC EDGAR 06/25/2026 - 04:52 PM

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, DC 20549

FORM 8-K

CURRENT REPORT

PURSUANT TO SECTION 13 OR 15(d)

OF THE SECURITIES EXCHANGE ACT OF 1934

Date of earliest event reported: June 19, 2026

RIVER FINANCIAL CORPORATION

(Exact Name of Registrant as Specified in its Charter)

Not Applicable

(Former Name or Former Address, if Changed Since Last Report)

     (State or Other Jurisdiction
of Incorporation)

     (Commission
File Number)

     (IRS Employer
Identification No.)

    

     2611 Legends Drive
Prattville, Alabama

     36066

     (Address of Principal Executive Offices)

     (Zip Code)

(334) 290-1012

(Registrant’s telephone number, including area code)

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions (see General Instructions A.2. below):

☐ Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)

☐ Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)

☐ Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))

☐ Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))

Securities registered pursuant to Section 12(b) of the Act: None


Title of each class	Trading Symbol(s)	Name of each exchange on which registered
None	None	None

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1933 (§ 230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§ 240.12b-2 of this chapter).

Emerging growth company ☐

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. 

ITEM 1.05 Material Cybersecurity Incidents.

On or about June 16, 2026, an unauthorized threat actor gained access to the network environment of River Financial Corporation, including River Bank & Trust (together, “River”). River identified the activity on or about June 19, 2026, and determined that ransomware had been deployed across portions of its server environment. River promptly took containment measures, including disabling affected administrative accounts and taking impacted systems offline.

River, with the assistance of a third-party forensic firm, is investigating the nature and scope of the incident, including whether any personally identifiable information was subject to unauthorized access or exfiltration. That investigation is ongoing.

As of the date of this filing, the full nature, scope, and impact of the incident have not yet been determined. River has not yet determined whether the incident is reasonably likely to materially impact its business or financial condition. Certain operations have been impacted, but River is working with external cybersecurity professionals to fully restore these operations. River will file an amendment to this Current Report on Form 8-K within four business days after it determines that such information is available.

ITEM 9.01 Financial Statements and Exhibits.

(d) Exhibits


104		Cover Page Interactive Data File (embedded within the Inline XBRL document)

SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.



	RIVER FINANCIAL CORPORATION

Date: June 25, 2026	By	/s/ James M. Stubbs
		James M. Stubbs
		Chief Executive Officer

Source: View Original Filing on SEC EDGAR

FAQ

What cybersecurity incident did River Financial Corporation (RVRF) disclose?

River Financial disclosed that an unauthorized threat actor accessed its network, including River Bank & Trust, and deployed ransomware across portions of its server environment. The company took systems offline, disabled affected accounts, and is investigating the incident with a third-party forensic firm.

When did the River Financial (RVRF) ransomware attack occur and get detected?

River reports the unauthorized access and ransomware deployment occurred on or about June 16, 2026. The company identified the malicious activity on or about June 19, 2026, then moved quickly to contain the incident, disable affected administrative accounts, and take impacted systems offline.

Has River Financial (RVRF) confirmed any data or personally identifiable information exposure?

River has not yet determined whether any personally identifiable information was accessed or exfiltrated. A third-party forensic firm is helping investigate the nature and scope of the incident, and the company plans to amend its report when more information becomes available.

How has the ransomware incident affected River Financial’s (RVRF) operations?

The company states that certain operations have been impacted by the ransomware incident. River is working with external cybersecurity professionals to fully restore these operations while concurrently investigating the attack and assessing any broader business or financial implications.

Has River Financial (RVRF) determined the financial impact of the cyber incident?

River indicates it has not yet determined whether the incident is reasonably likely to materially impact its business or financial condition. The company plans to file an amendment within four business days after it has sufficient information to provide a more definitive assessment.

What future disclosures has River Financial (RVRF) committed to regarding the cyberattack?

River states it will file an amendment to its current report within four business days after determining that additional information about the incident, including scope, data implications, and business impact, is available. This amendment should provide a clearer update for stakeholders.

Filing Exhibits & Attachments

1 document