On March 1, 2026, an unauthorized party copied files from Heritage Bank's internal file share server, exposing the sensitive personal and financial information of 182,793 individuals. If you are a Heritage Bank customer or have ever done business with the Pacific Northwest-based bank, here is what happened and what you should do to protect yourself.
What Happened
Heritage Bank detected unauthorized access to its internal file share server on March 2, 2026, just one day after the intrusion occurred. According to the bank's official notification, an unauthorized party was able to copy files containing customer data from the server.
The bank began mailing individual notification letters in late March and early April 2026. Multiple law firms have since launched investigations into potential class-action claims against Heritage Bank, alleging that the company failed to adequately safeguard customer data.
What Data Was Exposed
The breach is particularly concerning because of the depth of financial information involved. Compromised data may include:
- Full names
- Social Security numbers or individual taxpayer identification numbers
- Bank account numbers
- Financial information
- Government-issued ID numbers (such as driver's license numbers)
- Dates of birth
- Physical addresses
Social Security Numbers Were Exposed
This breach included Social Security numbers, which are the single most valuable piece of information for identity thieves. Unlike a credit card number, you cannot simply get a new SSN. Take the protective steps below immediately, even if you have not yet noticed any suspicious activity.
Steps to Protect Yourself
1. Enroll in the Free Credit Monitoring
Heritage Bank is offering complimentary credit monitoring and identity protection services to affected individuals. If you received a notification letter, follow the enrollment instructions included with it. This monitoring can alert you to new accounts opened in your name or other suspicious activity on your credit report.
2. Freeze Your Credit
A credit freeze is the most effective way to prevent someone from opening new accounts using your stolen Social Security number. Place a freeze with all three major credit bureaus:
- Equifax — equifax.com/personal/credit-report-services or 1-800-685-1111
- Experian — experian.com/freeze or 1-888-397-3742
- TransUnion — transunion.com/credit-freeze or 1-888-909-8872
A credit freeze is free, does not affect your credit score, and can be temporarily lifted when you need to apply for credit.
3. Review Your Bank Accounts
Since this breach involved bank account numbers and financial information, check your Heritage Bank accounts and any other financial accounts for:
- Unauthorized withdrawals or transfers
- Changes to your contact information or account settings
- New authorized users you did not add
- Unfamiliar linked accounts
If you find suspicious activity, contact Heritage Bank immediately and file a fraud report.
4. Request Your Free Credit Reports
You are entitled to free credit reports from all three bureaus at AnnualCreditReport.com. Review each report carefully for accounts you do not recognize, hard inquiries you did not authorize, and incorrect personal information.
5. Place a Fraud Alert
Contact one of the three credit bureaus to place a fraud alert. The bureau you contact is required to notify the other two. A standard fraud alert lasts one year. If you are a confirmed victim of identity theft, you can place an extended fraud alert that lasts seven years.
6. Monitor for Tax-Related Identity Theft
With your Social Security number exposed, criminals may attempt to file a fraudulent tax return in your name to steal your refund. Consider filing your tax return as early as possible each year. You can also request an Identity Protection PIN from the IRS at irs.gov/ippin, which adds an extra layer of verification to your tax filing.
File an IRS Identity Protection PIN
An IP PIN is a six-digit number that prevents someone else from filing a federal tax return using your Social Security number. Once you opt in, the IRS will require this PIN on every return filed under your SSN. You can set one up at irs.gov/ippin.
7. Watch for Phishing and Scam Attempts
Be alert to emails, phone calls, or text messages claiming to be from Heritage Bank or other financial institutions. Criminals may use the stolen personal details to craft convincing phishing attempts. Never provide personal information in response to an unsolicited communication.
Consider Long-Term Monitoring
The free credit monitoring offered by Heritage Bank typically lasts 12 to 24 months, but your Social Security number does not expire. Criminals may hold onto stolen SSNs for years before attempting to use them.
PrivacyOn provides ongoing protection by monitoring over 100 data broker sites for your personal information and removing it when it appears. PrivacyOn also includes dark web monitoring, which scans underground marketplaces and forums where stolen financial data is bought and sold. Family plans cover up to five people starting at $8.33 per month, providing continuous protection that extends well beyond a temporary credit monitoring subscription.
Keep Records
Document everything related to this breach: save your notification letter from Heritage Bank, take screenshots of any suspicious account activity, record the dates of your credit freezes and fraud alerts, and keep a log of time spent dealing with the aftermath. These records may be important if you join a class-action lawsuit or need to file an identity theft report with the FTC at IdentityTheft.gov.