Heritage Bank Data Breach Lawsuit Investigation, April 2026 Notices
Received a March 2026 breach notice from Heritage Bank?
Dapeer Law, P.A. is investigating a potential class action against Heritage Bank, an Olympia, Washington community bank, on behalf of customers and employees whose names, account numbers, Social Security or ITIN numbers, dates of birth, and addresses may have been copied from an internal file share server during a March 2026 cyber incident.
Who may qualify
You may be eligible to participate in a class action if any of the following applies:
- You received a Heritage Bank data breach notification letter or email regarding the March 2026 security incident.
- You enrolled, or plan to enroll, in the complimentary credit monitoring and identity protection services offered through Heritage Bank's dedicated assistance line.
- You held an account with Heritage Bank, or were an employee or contractor whose personal information was stored on the bank's internal file share server, at the time of the incident.
- No proof of harm required to consult with counsel. You do not need to have already suffered identity theft to explore your legal options.
- Excluded: individuals who did not receive a breach notice and whose information was not involved in the incident.
Not sure if you qualify?
Send us your notice, we'll confirm your eligibility at no cost.
What happened
On or about March 2, 2026, Heritage Bank identified unauthorized activity within its network. According to the Bank's public Notice of Security Incident, Heritage Bank immediately isolated and secured the affected environment and engaged third-party specialists to investigate. The investigation revealed that certain files had been copied from an internal file share server on March 1, 2026. Heritage Bank states that customer accounts, customer systems, and operations were not impacted by the incident itself, only the contents of the file share server. Sample notification letters filed with state regulators reference impacted residents in multiple states, including California, Maryland, New York, North Carolina, Rhode Island, and the District of Columbia.
The information present in the reviewed files varied by individual and may include the affected person's name paired with one or more of the following: account number, Social Security number or Individual Taxpayer Identification Number (ITIN), date of birth, and address. Because the file share server was used by Heritage Bank employees, both customers and employees may be among the potentially impacted individuals. Heritage Bank is providing impacted individuals with complimentary single-bureau credit monitoring, a credit report, a credit score, and proactive fraud assistance through Cyberscout, a TransUnion company, with a 90-day enrollment window from the date of the notification letter. Heritage Bank also published a Notice of Security Incident on its website (last updated March 20, 2026) and made a dedicated assistance line available at 1-833-877-5751, Monday through Friday from 5 a.m. to 5 p.m. Pacific Time.
The combination of names paired with Social Security numbers, ITINs, dates of birth, and bank account numbers is high-value identity theft fuel. Affected individuals face elevated risk of synthetic identity fraud, tax refund fraud, account takeover, and unauthorized credit applications opened in their name. Dapeer Law is evaluating whether Heritage Bank used reasonable security safeguards consistent with banking industry standards, whether internal file share access was appropriately controlled, and whether affected customers and employees can pursue monetary relief through individual claims or a class action.
What to do if you received a letter
Keep your notice letter
Do not discard it. Your letter contains the activation code or reference number for credit monitoring and is important evidence if you decide to participate in a lawsuit.
Activate the complimentary Cyberscout credit monitoring
Use the activation instructions and unique enrollment code in your letter to sign up for single-bureau credit monitoring, a credit report, a credit score, and proactive fraud assistance through Cyberscout, a TransUnion company. Enrollment must occur within 90 days from the date of the notification letter. For questions, call Heritage Bank's dedicated assistance line at 1-833-877-5751 (Monday through Friday, 5 a.m. to 5 p.m. PT). Accepting this benefit does not waive your right to pursue legal action.
Place a fraud alert or credit freeze
Contact Equifax, Experian, and TransUnion to place a fraud alert or freeze on your file. Request a free weekly credit report from AnnualCreditReport.com, and use the FTC's identity theft recovery guide. Because the breach involved Social Security numbers, ITINs, and bank account numbers, also review every Heritage Bank account statement, set up real-time transaction alerts, and watch for unfamiliar tax filings or new credit applications opened in your name.
Speak with a data breach attorney
Consultations with Dapeer Law are free and confidential. We'll review your notice, explain your options under state breach notification, consumer protection, and financial privacy laws, and advise whether you may be eligible to join a class action.
Submit your notice for a free review
Two minutes online. A licensed attorney reviews every submission.
Breach timeline
Compensation you may be entitled to
Out-of-pocket expenses
Credit freezes, identity restoration services, and other costs incurred responding to the breach.
Time spent monitoring
Hours spent reviewing accounts, disputing fraudulent charges, and dealing with identity theft issues.
Identity theft & fraud losses
Unreimbursed funds stolen from accounts, unauthorized credit lines, synthetic identity fraud, or tax refund fraud tied to the breach.
Statutory damages
Certain state data breach and consumer protection statutes provide for fixed damages regardless of actual loss.
Injunctive relief
Court orders requiring Heritage Bank to implement stronger data security practices, including enhanced encryption, file share access controls, vendor oversight, and incident response procedures going forward.
Compensation categories depend on applicable state law, the types of data exposed, and documented losses. No recovery is guaranteed.
Common questions
I received a data breach letter from Heritage Bank. What should I do? +
Keep the notice, activate the complimentary single-bureau credit monitoring through Cyberscout (a TransUnion company) using the enrollment code in your letter within the 90-day window, place a fraud alert or freeze with Equifax, Experian, and TransUnion, and review your bank account statements closely for unauthorized activity. Because the breach involved Social Security numbers, ITINs, dates of birth, and account numbers, also watch for unfamiliar tax filings, new accounts opened in your name, or unauthorized credit applications. A free consultation with a data breach attorney can help you understand your legal options.
Am I eligible to join a class action against Heritage Bank? +
Individuals who received a Heritage Bank notification regarding the March 2026 security incident may be eligible. Eligibility can be affected by your state of residence, whether you were a customer or employee, the categories of data exposed in your specific letter, and any documented losses you have already incurred. Dapeer Law will evaluate your notice at no cost and confirm whether you appear to qualify.
How much money could I receive from a class action lawsuit? +
Data breach class action recoveries vary significantly. Settlements typically range from a few hundred dollars for basic out-of-pocket losses to several thousand dollars for documented identity theft, with class size, damages, and negotiation all affecting the final amount. Breaches involving Social Security numbers and bank account data, like the Heritage Bank incident, often command higher per-class-member recoveries. No payout is guaranteed, and this investigation has not yet resulted in a settlement.
What personal information was exposed in the breach? +
According to Heritage Bank's public Notice of Security Incident, the categories of personal information potentially exposed include each affected person's name paired with one or more of the following: account number, Social Security number or ITIN, date of birth, and address. Heritage Bank states that customer accounts, customer systems, and operations were not impacted by the incident itself, only the contents of an internal file share server. Your individual letter from Heritage Bank should list the specific data elements involved for your record.
Did Heritage Bank offer free credit monitoring? +
Yes. Heritage Bank is providing impacted individuals with complimentary single-bureau credit monitoring, a credit report, a credit score, and proactive fraud assistance through Cyberscout, a TransUnion company. Enrollment must occur within 90 days from the date of the notification letter. For questions, call Heritage Bank's dedicated assistance line at 1-833-877-5751 between 5 a.m. and 5 p.m. Pacific Time, Monday through Friday, excluding holidays. Accepting these benefits does not waive your right to pursue legal claims related to the breach.
How many people were affected by the Heritage Bank breach? +
The total number of impacted individuals is not disclosed on Heritage Bank's public Notice of Security Incident. State Attorney General filings may include more specific counts as they become public. Dapeer Law will update this page as additional information is reported.
Is there a deadline to take legal action? +
Yes. Statutes of limitations for data breach claims vary by state and legal theory, typically ranging from one to six years. Waiting can permanently bar your claim. Contact us as soon as possible for a free evaluation.
How do I get a copy of the official breach notice? +
Heritage Bank's public Notice of Security Incident is published at heritagebanknw.com under the Resource Center. Your individual notification letter from Heritage Bank contains the most specific information about your account and should be retained as primary evidence. Dapeer Law can help you obtain or interpret these documents during a free consultation.
Sources & references
- Sample notification letter (regulator filing) · California Attorney General, Heritage Bank Sample Notice Letter (PDF)
- Defendant disclosure · Heritage Bank, Notice of Security Incident · heritagebanknw.com
- Credit bureau freezes · Equifax · Experian · TransUnion
- Free weekly credit reports · AnnualCreditReport.com
- Identity theft recovery guide · FTC consumer identity theft guide
Don't let the deadline decide for you. Submit your claim today.
You only have a limited window to act. Our team will review your notice, explain your options, and tell you whether you may be eligible to recover compensation, at no cost to you.
