Company Update

UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 ______________________ FORM 8-K CURRENT REPORT Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 ______________________ Date of Report (Date of earliest event reported): August 9, 2023 Community Trust Bancorp, Inc. (Exact name of registrant as specified in its charter) Kentucky (State or other jurisdiction of incorporation) 001-31220 61-0979818 (Commission File Number) (IRS Employer Identification No.)     P.O. Box 2947   346 North Mayo Trail   Pikeville , Kentucky 41502 (Address of principal executive offices) (Zip Code) ( 606 ) 432-1414 (Registrant’s telephone number) Not Applicable (Former name or former address, if changed since last report) Securities registered pursuant to Section 12(b) of the Act: Common Stock (Title of class) CTBI The NASDAQ Global Select Market (Trading symbol) (Name of exchange on which registered) Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions: ☐ Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425) ☐ Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12) ☐ Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b)) ☐ Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c)) Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 under the Securities Act (17 CFR 230.405) or Rule 12b-2 under the Exchange Act (17 CFR 240.12b-2). Emerging growth company ☐ If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act □ ITEM 8.01 OTHER EVENTS On May 31, 2023 Progress Software Corporation published information related to a vulnerability in its software tool MOVEit Transfer (“MOVEit”).  Community Trust Bancorp, Inc. (“CTBI”) does not use MOVEit on its internal networks.  However, on Wednesday, August 9, 2023, CTBI received written notice from a third party prominent financial institution vendor that certain of CTBI’s customer data was potentially accessed due to the vendor’s utilization of MOVEit in its service offering to CTBI.  Based on the investigation to date, including information provided from the vendor, CTBI’s customers could have had personal information copied through the cyberattack.  The vendor confirmed that it implemented the recommended patches released by Progress Software Corporation for the MOVEit platform.  CTBI worked with the vendor to determine the potentially impacted customers and the extent of information potentially exposed, and CTBI is notifying potentially affected customers appropriately.  The incident did not impact the ongoing operations of CTBI, and CTBI carries cyber insurance which it expects to cover many of the costs related to the incident. FORWARD-LOOKING STATEMENTS This filing contains forward-looking statements made pursuant to the safe-harbor provisions of the Private Securities Litigation Reform Act of 1995.  Such forward-looking statements can often, but not always, be identified by the use of words like “believe”, “continue”, “pattern”, “estimate”, “project”, “intend”, “anticipate”, “expect” and similar expressions or future or conditional verbs such as “will”, “would”, “should”, “could”, “might”, “can”, “may”, or similar expressions.  These forward-looking statements include, but are not limited to, statements relating to the impact of the cybersecurity incident discussed in this filing and the expected coverage of our cyber insurance. These forward-looking statements are subject to significant risks, assumptions and uncertainties that may cause results to differ materially from those set forth in forward-looking statements, including, among other things: the risk factors identified in CTBI’s Annual Report on Form 10-K for the year ended December 31, 2022, filed with the Securities and Exchange Commission on February 28, 2023 and our other filings with the Securities and Exchange Commission. CTBI does not undertake any obligation to update any forward-looking statement, whether written or oral, relating to the matters discussed in this filing, or to make any other forward-looking statements, whether as a result of new information, future events, or otherwise. SIGNATURE Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized. Date: August 11, 2023 COMMUNITY TRUST BANCORP, INC. By: /s/ Mark A. Gooch Mark A. Gooch Vice Chairman, President, and Chief Executive Officer