HERITAGE FINANCIAL CORP /WA/ 8-K

What Happened

• On or about March 2, 2026, Heritage Financial Corporation (HFWA) detected a cybersecurity incident involving an internal file‑share server and the exfiltration of files that may contain personal information. The company filed an 8‑K on March 23, 2026 to report the incident.
• Heritage says customer accounts, customer systems and bank operations were not impacted and there were no disruptions to normal business operations. The company took the affected system offline, activated its incident response plan, and engaged an independent forensic investigation firm and outside legal counsel.

Key Details

• Date detected: on or about March 2, 2026; 8‑K filed March 23, 2026.
• Affected system: internal employee file‑share server; some exfiltrated files may contain personal information.
• Actions taken: affected system taken offline, incident response plan activated, external forensic investigators and legal counsel retained, banking regulators, law enforcement and cyber insurer notified.
• Materiality: as of the filing date, the company has not determined the incident is material or reasonably likely to have a material impact on financial condition or results of operations; investigation is ongoing.

Why It Matters

• For investors, the key points are that operations and customer accounts were not affected and the company has launched a formal response and third‑party forensics. However, the possibility of personal data exposure can lead to remediation costs, regulatory inquiries, litigation risk, or reputational damage depending on investigation results.
• Heritage has not identified a material financial impact yet, but the outcome and any insurance recoveries remain uncertain. Watch for follow‑up disclosures that could change the company’s assessment of materiality or financial impact.