HeartLine, Inc. (HeartLine Oklahoma), a nonprofit 24/7 community resource and crisis-intervention helpline serving approximately 2.3 million Oklahomans through 2-1-1, suicide prevention, problem-gambling, and veteran-services lines, was added on or around July 22, 2025 to the INC Ransom ransomware-as-a-service group's dark-web leak site. INC Ransom claimed to have exfiltrated personal data from HeartLine's internal systems and threatened to publish the data if ransom demands were not met. HeartLine has not publicly detailed the attack, and the breach surfaced through dark-web monitoring services and U.S. plaintiff law-firm investigations.

The breach affected approximately 6,500 individuals based on records indexed by breach-tracking services. Compromised fields included Social Security numbers, email addresses, phone numbers, and home addresses. As a crisis-intervention helpline operating multiple suicide prevention, problem-gambling, and 2-1-1 referral services, the underlying records exfiltrated by the attackers may also include intake documentation, referral histories, and service-navigation records that reveal extremely sensitive contexts including suicidal ideation, addiction, gambling problems, domestic violence, housing instability, and veteran mental-health needs.

For affected individuals, the practical risk profile is unusually severe and durable because of the unique sensitivity of crisis-helpline interactions. The combination of name, address, phone number, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms a relationship with a crisis or social-services helpline and may reveal extremely private contexts including suicide-prevention contact, problem-gambling treatment, or domestic-violence assistance. These contexts can support targeted scams, harassment, and coercive abuse, and may carry employment and family consequences for individuals whose helpline contact was confidential. Affected individuals should freeze credit at all three U.S. bureaus, monitor financial accounts closely, and remain alert to unsolicited contact referencing HeartLine, 2-1-1 services, or specific crisis-support topics.

Community-support nonprofits collect caller or client identity, contact details, referral records, service-needs information, and support-interaction data tied to crisis, health, or social-service navigation.

HeartLine Oklahoma was named on or around July 22, 2025 as a victim of the INC Ransom ransomware-as-a-service group, which added the organization to its dark-web data leak site as part of a wave of new victims that week. INC Ransom claimed to have exfiltrated personal data from HeartLine's internal systems. HeartLine has not publicly detailed the attack as of this writing. U.S. plaintiff law firms began organizing investigations in late July 2025. The HeartLine attack was part of a broader 2025 ransomware wave affecting Oklahoma public-service organizations, including municipal services in the City of Durant and the OnSolve/Crisis24 CodeRed emergency notification system used by Vinita, Grove, and Carlton Landing residents.