Breach taxonomy
Summary
On or about March 2, 2026, Heritage Financial Corporation detected unauthorized access to an internal file share server used by employees, with files potentially containing personal information exfiltrated. Customer accounts and bank operations were not impacted. The company initiated its security incident response plan, took the affected system offline, and engaged an independent forensic investigation firm. Banking regulators, law enforcement, and the cyber insurance carrier were notified; as of the filing date the company has not determined the incident to be material. Filed under Item 8.01; materiality not yet determined as of filing date.
Tagging rationale
ThreatUnknown
Filing does not attribute the incident to a specific actor → UNKNOWN.
MethodsData Exfil
Filing describes 'exfiltration of files from that file share server' — deliberate data theft by an unauthorized party with no mention of ransomware or malware → DATA-EXFIL.
AssetsPersonal Data
Filing states 'exfiltration of files from that file share server which may contain personal information' → PERSONAL-DATA.
EffectsInfo Privacy Loss
Files containing potential personal information were exfiltrated with no operational disruption confirmed → INFO-PRIVACY-LOSS.
Business continuityNot Required
Filing states 'The incident did not cause any disruptions in the Company's operations, which have continued throughout this time in the ordinary course' → Not Required.
Impact
Data exfiltration from an internal file share at a community bank with potential personal information exposure; no operational disruption and company has not determined materiality → score 2.
InsuranceYes
Filing states the Company 'promptly notified its banking regulators, law enforcement and cyber insurance carrier' → true.
Read the original SEC filing excerpt
Item 8.01 Other Events On or about March 2, 2026, Heritage Financial Corporation (the "Company") detected a cybersecurity incident involving an internal file share server used by employees and the exfiltration of files from that file share server which may contain personal information. The Bank's customer accounts, customer systems and operations were not impacted. Promptly following detection, the Company initiated its security incident response plan and began deploying measures to stop the unauthorized activity, including taking the affected system offline. The incident did not cause any disruptions in the Company's operations, which have continued throughout this time in the ordinary course. The Company has launched a thorough investigation and engaged experienced external advisors, including an independent forensic investigation firm and legal counsel, to assess, contain, and remediate the incident. The Company also promptly notified its banking regulators, law enforcement and cyber insurance carrier. While the investigation is ongoing, as of the date of this filing, the Company has not determined that the cyber incident is material or that it has had, or is reasonably likely to have, a material impact on the Company's financial condition or results of operations.