{"schema_version":"secwatch.filing_event.v1","accession":"0001628280-26-020261","form_type":"8-K","ticker":"HFWA","cik":"0001046025","company_name":"HERITAGE FINANCIAL CORP /WA/","filed_at":"2026-03-23T23:59:59+00:00","discovered_at":"2026-05-14T18:02:34.456067+00:00","generated_at":"2026-05-15T09:19:26.612740+00:00","sec_items":["8.01","9.01"],"event_type":"cyber","sentiment":"negative","materiality_score":0.55,"calibrated_materiality_score":0.55,"confidence":"high","headline":"Heritage Financial detects cyber incident; files exfiltrated may contain personal info","bullets":["Detected March 2, 2026; internal file share server compromised with exfiltration of files possibly containing personal information.","Customer accounts, systems, and operations not affected; no disruption to business operations.","Investigation ongoing with external forensic firm and legal counsel; regulators, law enforcement, and insurer notified.","Company states incident not currently deemed material to financial condition or results of operations.","Forward-looking statements warn impact may be more severe than currently anticipated."],"urls":{"canonical":"https://secwatch.observer/filing/0001628280-26-020261","json":"https://secwatch.observer/filing/0001628280-26-020261.json","markdown":"https://secwatch.observer/filing/0001628280-26-020261.md","text":"https://secwatch.observer/filing/0001628280-26-020261.txt","edgar_index":"https://www.sec.gov/Archives/edgar/data/1046025/000162828026020261/0001628280-26-020261-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/1046025/000162828026020261/hfwa-20260320.htm"},"model":{"generated_by":"deepseek-v4-flash:cloud@v2","generated_at":"2026-05-15T09:19:26.612740+00:00"},"review":{"review_status":"machine_generated","human_reviewed":false,"corrected":false,"correction_note":null,"correction_timestamp":null,"superseded_by":null,"related_filings":[]},"source_grounded_claims":[],"comparable_filings":[{"accession":"0001628280-26-024806","ticker":"RICK","company_name":"RCI HOSPITALITY HOLDINGS, INC.","filed_at":"2026-04-13T23:59:59+00:00","headline":"RCI Hospitality discloses cybersecurity incident; contractor PII accessed, no customer data breached","event_type":"cyber","sec_items":["8.01","9.01"],"materiality_score":0.7,"calibrated_materiality_score":0.7,"match_reasons":["same SEC item: 8.01, 9.01","same event type: cyber","similar materiality"],"urls":{"canonical":"https://secwatch.observer/filing/0001628280-26-024806","json":"https://secwatch.observer/filing/0001628280-26-024806.json","markdown":"https://secwatch.observer/filing/0001628280-26-024806.md","edgar_index":"https://www.sec.gov/Archives/edgar/data/935419/000162828026024806/0001628280-26-024806-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/935419/000162828026024806/rick-20260407.htm"},"side_by_side_evidence":null},{"accession":"0000950170-25-092526","ticker":null,"company_name":"SURMODICS INC","filed_at":"2025-07-02T23:59:59+00:00","headline":"Surmodics discovers unauthorized access to IT systems on June 5; no material customer impact","event_type":"cyber","sec_items":["8.01","9.01"],"materiality_score":0.55,"calibrated_materiality_score":0.55,"match_reasons":["same SEC item: 8.01, 9.01","same event type: cyber","similar materiality"],"urls":{"canonical":"https://secwatch.observer/filing/0000950170-25-092526","json":"https://secwatch.observer/filing/0000950170-25-092526.json","markdown":"https://secwatch.observer/filing/0000950170-25-092526.md","edgar_index":"https://www.sec.gov/Archives/edgar/data/924717/000095017025092526/0000950170-25-092526-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/924717/000095017025092526/srdx-20250605.htm"},"side_by_side_evidence":null},{"accession":"0000937556-25-000086","ticker":"MASI","company_name":"MASIMO CORP","filed_at":"2025-05-27T23:59:59+00:00","headline":"Masimo provides cyber incident update; manufacturing at near full capacity, no material revenue impact expected","event_type":"cyber","sec_items":["7.01","8.01","9.01"],"materiality_score":0.65,"calibrated_materiality_score":0.65,"match_reasons":["same SEC item: 8.01, 9.01","same event type: cyber","similar materiality"],"urls":{"canonical":"https://secwatch.observer/filing/0000937556-25-000086","json":"https://secwatch.observer/filing/0000937556-25-000086.json","markdown":"https://secwatch.observer/filing/0000937556-25-000086.md","edgar_index":"https://www.sec.gov/Archives/edgar/data/937556/000093755625000086/0000937556-25-000086-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/937556/000093755625000086/masi-20250527.htm"},"side_by_side_evidence":null},{"accession":"0000950170-25-068004","ticker":"JETMF","company_name":"Global Crossing Airlines Group Inc.","filed_at":"2025-05-09T23:59:59+00:00","headline":"Global Crossing Airlines discloses cybersecurity incident found on May 5, 2025","event_type":"cyber","sec_items":["8.01","9.01"],"materiality_score":0.5,"calibrated_materiality_score":0.5,"match_reasons":["same SEC item: 8.01, 9.01","same event type: cyber","similar materiality"],"urls":{"canonical":"https://secwatch.observer/filing/0000950170-25-068004","json":"https://secwatch.observer/filing/0000950170-25-068004.json","markdown":"https://secwatch.observer/filing/0000950170-25-068004.md","edgar_index":"https://www.sec.gov/Archives/edgar/data/1846084/000095017025068004/0000950170-25-068004-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/1846084/000095017025068004/jetmf-20250505.htm"},"side_by_side_evidence":null},{"accession":"0000784199-24-000253","ticker":"AORT","company_name":"ARTIVION, INC.","filed_at":"2024-12-09T23:59:59+00:00","headline":"Artivion reports cybersecurity incident discovered Nov 21; systems taken offline","event_type":"cyber","sec_items":["8.01","9.01"],"materiality_score":0.65,"calibrated_materiality_score":0.65,"match_reasons":["same SEC item: 8.01, 9.01","same event type: cyber","similar materiality"],"urls":{"canonical":"https://secwatch.observer/filing/0000784199-24-000253","json":"https://secwatch.observer/filing/0000784199-24-000253.json","markdown":"https://secwatch.observer/filing/0000784199-24-000253.md","edgar_index":"https://www.sec.gov/Archives/edgar/data/784199/000078419924000253/0000784199-24-000253-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/784199/000078419924000253/aort-20241209.htm"},"side_by_side_evidence":null},{"accession":"0001428336-24-000055","ticker":"HQY","company_name":"HEALTHEQUITY, INC.","filed_at":"2024-07-02T23:59:59+00:00","headline":"HealthEquity discloses data breach via compromised business partner account; PII/PHI accessed","event_type":"cyber","sec_items":["8.01","9.01"],"materiality_score":0.65,"calibrated_materiality_score":0.65,"match_reasons":["same SEC item: 8.01, 9.01","same event type: cyber","similar materiality"],"urls":{"canonical":"https://secwatch.observer/filing/0001428336-24-000055","json":"https://secwatch.observer/filing/0001428336-24-000055.json","markdown":"https://secwatch.observer/filing/0001428336-24-000055.md","edgar_index":"https://www.sec.gov/Archives/edgar/data/1428336/000142833624000055/0001428336-24-000055-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/1428336/000142833624000055/hqy-20240702.htm"},"side_by_side_evidence":null},{"accession":"0001820953-24-000027","ticker":"AFRM","company_name":"Affirm Holdings, Inc.","filed_at":"2024-07-01T23:59:59+00:00","headline":"Affirm reports Affirm Card data breach via Evolve Bank & Trust; secures $330M credit facility","event_type":"cyber","sec_items":["1.01","8.01","9.01"],"materiality_score":0.65,"calibrated_materiality_score":0.65,"match_reasons":["same SEC item: 8.01, 9.01","same event type: cyber","similar materiality"],"urls":{"canonical":"https://secwatch.observer/filing/0001820953-24-000027","json":"https://secwatch.observer/filing/0001820953-24-000027.json","markdown":"https://secwatch.observer/filing/0001820953-24-000027.md","edgar_index":"https://www.sec.gov/Archives/edgar/data/1820953/000182095324000027/0001820953-24-000027-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/1820953/000182095324000027/afrm-20240625.htm"},"side_by_side_evidence":null},{"accession":"0001023128-24-000079","ticker":"LAD","company_name":"LITHIA MOTORS INC","filed_at":"2024-06-24T23:59:59+00:00","headline":"Lithia Motors disruptions after third-party CDK cyber incident","event_type":"cyber","sec_items":["8.01","9.01"],"materiality_score":0.65,"calibrated_materiality_score":0.65,"match_reasons":["same SEC item: 8.01, 9.01","same event type: cyber","similar materiality"],"urls":{"canonical":"https://secwatch.observer/filing/0001023128-24-000079","json":"https://secwatch.observer/filing/0001023128-24-000079.json","markdown":"https://secwatch.observer/filing/0001023128-24-000079.md","edgar_index":"https://www.sec.gov/Archives/edgar/data/1023128/000102312824000079/0001023128-24-000079-index.htm","edgar_primary_document":"https://www.sec.gov/Archives/edgar/data/1023128/000102312824000079/lad-20240619.htm"},"side_by_side_evidence":null}],"license":"Source filings: public domain (SEC EDGAR). Summaries (headline + bullets): CC-BY-4.0; attribute https://secwatch.observer"}