heartlineoklahoma.org 2025 Data Breach

HeartLine Oklahoma Community Nonprofit Breach (2025): 6.5K Client Records Including SSN Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

INC RansomMedicalEmail AddressPhone NumberPhysical AddressSocial Security Number
High SeverityWebsite / service breach

HeartLine Oklahoma Community Nonprofit Breach (2025): 6.5K Client Records Including SSN Exposed

Nonprofit information and referral service organization.

Verified by ObscureIQ Intelligence
67/100Breach Risk Index
27Data Value
40Market Recency
253dSince Breach

Breach Intelligence Summary

Entity: heartlineoklahoma.org · Actor: INC Ransom · Sources: 2 references
Attack: Unknown
Profile: Nonprofit · Health and social service referrals · Community support organization · USA
Timeline: Breach (2025-07-21) · Indexed (Aug 17, 2025) · Year (2025)
Exposure: 6K records · 4 fields: Email Address, Phone Number, Physical Address, Social Security Number
Status: Reported

Executive Summary

HeartLine, Inc. (HeartLine Oklahoma), a nonprofit 24/7 community resource and crisis-intervention helpline serving approximately 2.3 million Oklahomans through 2-1-1, suicide prevention, problem-gambling, and veteran-services lines, was added on or around July 22, 2025 to the INC Ransom ransomware-as-a-service group's dark-web leak site. INC Ransom claimed to have exfiltrated personal data from HeartLine's internal systems and threatened to publish the data if ransom demands were not met. HeartLine has not publicly detailed the attack, and the breach surfaced through dark-web monitoring services and U.S. plaintiff law-firm investigations. The breach affected approximately 6,500 individuals based on records indexed by breach-tracking services. Compromised fields included Social Security numbers, email addresses, phone numbers, and home addresses. As a crisis-intervention helpline operating multiple suicide prevention, problem-gambling, and 2-1-1 referral services, the underlying records exfiltrated by the attackers may also include intake documentation, referral histories, and service-navigation records that reveal extremely sensitive contexts including suicidal ideation, addiction, gambling problems, domestic violence, housing instability, and veteran mental-health needs. For affected individuals, the practical risk profile is unusually severe and durable because of the unique sensitivity of crisis-helpline interactions. The combination of name, address, phone number, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms a relationship with a crisis or social-services helpline and may reveal extremely private contexts including suicide-prevention contact, problem-gambling treatment, or domestic-violence assistance. These contexts can support targeted scams, harassment, and coercive abuse, and may carry employment and family consequences for individuals whose helpline contact was confidential. Affected individuals should freeze credit at all three U.S. bureaus, monitor financial accounts closely, and remain alert to unsolicited contact referencing HeartLine, 2-1-1 services, or specific crisis-support topics.

ObscureIQ assessment: High sensitivity. Exposure can enable harassment, fraud, and exploitation of people in vulnerable circumstances. Referral and support-history data may also reveal mental-health, abuse, or crisis-related context.

Breach Impact

The institutional impact on HeartLine Oklahoma is meaningful given the organization's role as a primary 2-1-1 and crisis-intervention provider for the state. As a community nonprofit, HeartLine operates with a limited cybersecurity budget and staffing relative to larger healthcare and government organizations, which is a known sector-wide vulnerability for crisis-services and social-services providers. State breach-notification obligations under Oklahoma law are likely triggered, and Oklahoma's recently updated 2025 breach-notification law will affect HeartLine's disclosure framework going forward. The reputational impact is concentrated within Oklahoma's social-services and crisis-support community, where HeartLine's trust relationship with vulnerable callers is unusually consequential. INC Ransom's threatened publication of stolen data creates ongoing extortion exposure.

About heartlineoklahoma.org

HeartLine, Inc. (HeartLine Oklahoma) is a nonprofit information, referral, and crisis-intervention organization headquartered in Oklahoma City, Oklahoma. Founded in 1971, HeartLine operates as a 24/7 community resource helpline and serves a population of approximately 2.3 million Oklahomans through its various programs. The organization operates the statewide 2-1-1 community resource and social services helpline, the 848-CARE helpline, the Oklahoma Problem Gambling Helpline (1-800-522-4700), the national 1-800-SUICIDE line, and the 988-aligned 1-800-273-TALK suicide prevention line. HeartLine was accredited in 2011 by the Alliance for Information & Referral Systems. As a nonprofit human-services helpline, HeartLine maintains caller and client identity, contact details, referral records, and intake documentation tied to crisis, social-service, suicide prevention, problem-gambling, and veteran-services interactions.

Why They Hold Your Data

Community-support nonprofits collect caller or client identity, contact details, referral records, service-needs information, and support-interaction data tied to crisis, health, or social-service navigation.

Recent Developments

HeartLine Oklahoma was named on or around July 22, 2025 as a victim of the INC Ransom ransomware-as-a-service group, which added the organization to its dark-web data leak site as part of a wave of new victims that week. INC Ransom claimed to have exfiltrated personal data from HeartLine's internal systems. HeartLine has not publicly detailed the attack as of this writing. U.S. plaintiff law firms began organizing investigations in late July 2025. The HeartLine attack was part of a broader 2025 ransomware wave affecting Oklahoma public-service organizations, including municipal services in the City of Durant and the OnSolve/Crisis24 CodeRed emergency notification system used by Vinita, Grove, and Carlton Landing residents.

Data Points Exposed

4 verified field types
Email Address
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Full identity theft & synthetic identity fraud

Threat Actor: INC Ransom

INC Ransom
Unknown

Attribution and method are based on available breach intelligence. Reported attack vector: Unknown.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the heartlineoklahoma.org breach?

HeartLine, Inc. (HeartLine Oklahoma), a nonprofit 24/7 community resource and crisis-intervention helpline serving approximately 2.3 million Oklahomans through 2-1-1, suicide prevention, problem-gambling, and veteran-services lines, was added on or around July 22, 2025 to the INC Ransom…

What data was exposed?

Verified fields include Email Address, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation