Cyber incident at Heritage Financial (NASDAQ: HFWA) under review

Rhea-AI Filing Summary

Heritage Financial Corporation reported a cybersecurity incident involving an internal file share server used by employees, where files were exfiltrated and may contain personal information. The company stated that bank customer accounts, customer systems, and operations were not impacted, and business has continued in the ordinary course.

The company activated its incident response plan, took the affected system offline, and engaged external forensic and legal experts. It also notified banking regulators, law enforcement, and its cyber insurance carrier. As of this report, Heritage Financial has not determined the incident to be material or likely to have a material impact on its financial condition or results.

Insights

Banking risk and cyber security analyst

Cyber incident appears operationally contained, but full impact remains under review.

Heritage Financial Corporation identified unauthorized access and data exfiltration from an internal employee file server. Importantly, it reports no impact to customer accounts, customer-facing systems, or day-to-day operations, which helps limit immediate business disruption risk.

The company activated its incident response plan, took the affected system offline, and brought in external forensic and legal advisors. It also informed regulators, law enforcement, and its cyber insurer, showing alignment with regulatory expectations for incident handling and disclosure.

Management states that, as of this report, the incident is not determined to be material or likely to materially affect financial condition or results. However, forward-looking statements acknowledge that the ultimate financial and operational impact could be more severe than currently anticipated, so future updates will clarify any longer-term consequences.

0001046025false00010460252026-03-202026-03-20

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

WASHINGTON, D.C. 20549

FORM 8-K

CURRENT REPORT

Pursuant to Section 13 or 15(d)

of the Securities and Exchange Act of 1934

Date of Report (Dated of earliest event reported): March 20, 2026

HERITAGE FINANCIAL CORPORATION

(Exact name of registrant as specified in its charter) 

Commission File Number 000-29480

Washington

91-1857900

(State or other jurisdiction of incorporation or organization)

(I.R.S. Employer Identification No.)

201 Fifth Avenue SW,

Olympia

WA

98501

(Address of principal executive offices)

(Zip Code)

(360) 943-1500

(Registrant’s telephone number, including area code) 

Not applicable

(Former name or former address, if changed since last report) 

Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:

☐			Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425)
☐			Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12)
☐			Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b))
☐			Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c))

Securities registered pursuant to Section 12 (b) of the Act:

Title of each class			Trading symbol			Name of each exchange on which registered
Common stock, no par value			HFWA			The Nasdaq Stock Market LLC

Indicate by check mark whether the registrant is an emerging growth company as defined in Rule 405 of the Securities Act of 1934 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).

Emerging Growth Company ☐

If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐

Item 8.01 Other Events

On or about March 2, 2026, Heritage Financial Corporation (the “Company”) detected a cybersecurity incident involving an internal file share server used by employees and the exfiltration of files from that file share server which may contain personal information. The Bank’s customer accounts, customer systems and operations were not impacted.

Promptly following detection, the Company initiated its security incident response plan and began deploying measures to stop the unauthorized activity, including taking the affected system offline. The incident did not cause any disruptions in the Company’s operations, which have continued throughout this time in the ordinary course. The Company has launched a thorough investigation and engaged experienced external advisors, including an independent forensic investigation firm and legal counsel, to assess, contain, and remediate the incident. The Company also promptly notified its banking regulators, law enforcement and cyber insurance carrier.

While the investigation is ongoing, as of the date of this filing, the Company has not determined that the cyber incident is material or that it has had, or is reasonably likely to have, a material impact on the Company’s financial condition or results of operations.

Forward-Looking Statements

Statements made in this Form 8-K that look forward in time or that express management’s beliefs, expectations, or hopes are forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995, as amended. Such forward-looking statements reflect the views of management at the time such statements are made. These statements include, but are not limited to, those regarding actions being taken and that will be taken in response to the cyber incident, expectations regarding insurance coverage, and our assessments of the likely financial and operational impacts of the incident. Responding to and assessing these types of cyber incidents is inherently challenging and these forward-looking statements are subject to a number of risks, uncertainties, estimates, and assumptions that may cause actual results to differ materially from current expectations, many of which are out of our control. As a result, the financial and operational impact of the incident may be more severe than currently anticipated. Risks and uncertainties also include the risk factors detailed in our Securities and Exchange Commission filings, including our Form 10-K for the year ended December 31, 2025. The Company does not undertake to update its forward-looking statements, whether as a result of new information, future events, or otherwise.

Item 9.01 Financial Statements and Exhibits

(d) Exhibits

Exhibit 104 Cover Page Interactive Data File (embedded within the Inline XBRL document)

SIGNATURES

    Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.

						HERITAGE FINANCIAL CORPORATION
Date:
March 20, 2026						/S/ Bryan D. McDonald
						Bryan D. McDonald
						President and Chief Executive Officer

FAQ

What cybersecurity incident did Heritage Financial (HFWA) report?

Heritage Financial reported a cybersecurity incident involving an internal file share server used by employees. Files were exfiltrated from that server and may contain personal information, but the company states that customer accounts, customer systems, and banking operations were not affected.

Were Heritage Financial (HFWA) customer accounts affected by the cyber incident?

Heritage Financial states that customer accounts, customer systems, and banking operations were not impacted by the incident. The breach involved an internal file share server used by employees, where files that may contain personal information were accessed and exfiltrated.

How is Heritage Financial (HFWA) responding to the cybersecurity incident?

The company activated its security incident response plan, took the affected system offline, and deployed measures to stop unauthorized activity. Heritage Financial also engaged an independent forensic investigation firm, legal counsel, and notified banking regulators, law enforcement, and its cyber insurance carrier.

Has Heritage Financial (HFWA) deemed the cyber incident material?

As of this report, Heritage Financial has not determined that the cyber incident is material. It also has not concluded that the event has had, or is reasonably likely to have, a material impact on its financial condition or results of operations.

Could the Heritage Financial (HFWA) cyber incident still have financial impacts?

The company cautions that responding to and assessing cyber incidents is challenging and outcomes are uncertain. Management notes that the financial and operational impact of this incident may be more severe than currently anticipated, and references risk factors in its Form 10-K for additional context.

Which authorities did Heritage Financial (HFWA) notify about the cyber incident?

Heritage Financial reports that it promptly notified its banking regulators, law enforcement, and its cyber insurance carrier after detecting the incident. It also engaged external forensic and legal advisors to assess, contain, and remediate the cybersecurity event.

Filing Exhibits & Attachments

4 documents

Other Documents

• EX-101 XBRL TAXONOMY EXTENSION SCHEMA DOCUMENT 2.3 KB
• EX-101 XBRL TAXONOMY EXTENSION DEFINITION LINKBASE DOCUMENT 14.3 KB
• EX-101 XBRL TAXONOMY EXTENSION LABEL LINKBASE DOCUMENT 25.2 KB
• EX-101 XBRL TAXONOMY EXTENSION PRESENTATION LINKBASE DOCUMENT 14.9 KB