Heritage experienced a network intrusion on or around September 16, 2025, compromising systems containing sensitive personal identifiable information (PII) and protected health information (PHI). The breach exposed a wide range of highly sensitive data, including Social Security numbers, driver’s license numbers, bank/credit card details, dates of birth, addresses, phone numbers, emails, medication records, healthcare diagnoses, test results, and provider information. The incident was confirmed after an investigation revealed unauthorized third-party access to the data. While the exact number of affected individuals remains undisclosed, the scope suggests severe exposure of both financial and health-related data, posing risks of identity theft, financial fraud, and medical privacy violations. Heritage responded by offering complimentary credit monitoring to impacted individuals and published a breach notice on October 28, 2025, detailing the compromised data types. The breach’s severity is amplified by the combination of financial and health data leakage, which could lead to long-term reputational damage, regulatory penalties, and potential legal liabilities for Heritage. The delayed public disclosure (over a month post-intrusion) may further exacerbate trust erosion among customers and partners.
Source: https://straussborrelli.com/2025/11/26/heritage-communities-data-breach-investigation/
Heritage Southeast Bank cybersecurity rating report: https://www.rankiteo.com/company/heritage-southeast-bank
"id": "HER0903009112725",
"linkid": "heritage-southeast-bank",
"type": "Breach",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Healthcare', 'name': 'Heritage'}],
'customer_advisories': 'Breach notice posted on website; direct communication '
'to affected individuals with details of exposed data '
'and offer of credit monitoring services',
'data_breach': {'data_exfiltration': 'Potentially accessed by unauthorized '
'third party',
'personally_identifiable_information': ['Name',
'Social Security '
'number',
'Driver’s license '
'number',
'Date of birth',
'Address',
'Phone number',
'Email address'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-09-16',
'date_publicly_disclosed': '2025-10-28',
'description': 'Heritage announced a data breach where sensitive personal '
'identifiable information (PII) and protected health '
'information (PHI) may have been compromised due to a network '
'intrusion. The breach affected a limited number of systems, '
'and an unauthorized third party may have accessed the data. '
'Heritage launched an investigation and is offering '
'complimentary credit monitoring services to affected '
'individuals.',
'impact': {'data_compromised': ['Name',
'Social Security number',
'Driver’s license number',
'Bank account information',
'Credit card information',
'Date of birth',
'Address',
'Phone number',
'Email address',
'Medication information',
'Healthcare diagnosis information',
'Test results',
'Healthcare provider information'],
'identity_theft_risk': 'High (PII and PHI exposed)',
'payment_information_risk': 'High (bank account and credit card '
'information exposed)',
'systems_affected': 'Limited number of systems'},
'investigation_status': 'Ongoing (review of impacted data and identification '
'of affected individuals in progress)',
'references': [{'date_accessed': '2025-10-28',
'source': 'Heritage Breach Notice'}],
'response': {'communication_strategy': 'Breach notice posted on website; '
'direct notification to affected '
'individuals with details of exposed '
'data',
'incident_response_plan_activated': True,
'recovery_measures': 'Complimentary credit monitoring services '
'for affected individuals'},
'threat_actor': 'Unauthorized third party',
'title': 'Heritage Data Breach Involving Sensitive Personal and Protected '
'Health Information',
'type': 'Data Breach'}