{"filing":{"accession_number":"0001140361-26-023313","cik":"0000826154","ticker":"ORRF","company_name":"ORRSTOWN FINANCIAL SERVICES INC","form":"8-K","filing_date":"2026-05-29","report_date":null,"primary_document":"ef20075213_8k.htm","primary_document_url":"https://www.sec.gov/Archives/edgar/data/826154/000114036126023313/ef20075213_8k.htm"},"events":[{"id":2073,"run_id":1802,"accession_number":"0001140361-26-023313","anchor_item_number":"8.01","event_type":"cybersecurity_incident","event_domain":"legal","is_material":true,"confidence":0.85,"summary":"The filing discloses a material cybersecurity incident in section (b) whereby a third-party vendor experienced unauthorized access to sensitive personal information of certain Company customers. Although the Company states its own systems were not compromised and no misuse has occurred to date, the disclosure of the incident itself, notification obligations to customers, credit monitoring services, and explicit acknowledgment of potential legal, reputational, and financial risks in the forward-looking statements section establish this as a reportable cybersecurity event under Item 1.05 (required since 2023). The Company's own characterization of potential \"legal, reputational, and financial risks\" elevates this beyond a purely vendor-related matter.","company_name":"ORRSTOWN FINANCIAL SERVICES INC","ticker":"ORRF","filing_date":"2026-05-29","items":[{"id":2635,"accession_number":"0001140361-26-023313","item_number":"8.01","item_title":null,"event_type":"cybersecurity_incident","event_domain":"legal","is_material":true,"confidence":0.85,"reasoning":"The filing discloses a material cybersecurity incident in section (b) whereby a third-party vendor experienced unauthorized access to sensitive personal information of certain Company customers. Although the Company states its own systems were not compromised and no misuse has occurred to date, the disclosure of the incident itself, notification obligations to customers, credit monitoring services, and explicit acknowledgment of potential legal, reputational, and financial risks in the forward-looking statements section establish this as a reportable cybersecurity event under Item 1.05 (required since 2023). The Company's own characterization of potential \"legal, reputational, and financial risks\" elevates this beyond a purely vendor-related matter.","classifier_version":"claude-haiku-4-5-20251001+prompt-9e0ffca5","taxonomy_version":"v1","classified_at":"2026-05-30T02:08:23.451530+00:00","company_name":"","ticker":null,"filing_date":""}]}],"classifications":[{"id":2635,"accession_number":"0001140361-26-023313","item_number":"8.01","item_title":null,"event_type":"cybersecurity_incident","event_domain":"legal","is_material":true,"confidence":0.85,"reasoning":"The filing discloses a material cybersecurity incident in section (b) whereby a third-party vendor experienced unauthorized access to sensitive personal information of certain Company customers. Although the Company states its own systems were not compromised and no misuse has occurred to date, the disclosure of the incident itself, notification obligations to customers, credit monitoring services, and explicit acknowledgment of potential legal, reputational, and financial risks in the forward-looking statements section establish this as a reportable cybersecurity event under Item 1.05 (required since 2023). The Company's own characterization of potential \"legal, reputational, and financial risks\" elevates this beyond a purely vendor-related matter.","classifier_version":"claude-haiku-4-5-20251001+prompt-9e0ffca5","taxonomy_version":"v1","classified_at":"2026-05-30T02:08:23.451530+00:00","company_name":"ORRSTOWN FINANCIAL SERVICES INC","ticker":"ORRF","filing_date":"2026-05-29"}]}