Evertec, Inc., Popular, Inc. and Banco Popular de Puerto Rico: Third-party cyber incident hits Popular (NASDAQ: BPOP) customer data

Evertec, Inc., Popular, Inc. and Banco Popular de Puerto Rico: Third-party cyber incident hits Popular (NASDAQ: BPOP) customer data

Cybersecurity Incident at Evertec Impacts Banco Popular de Puerto Rico Customer Data

On May 15, 2026, Popular, Inc. disclosed that its third-party financial transaction processor, Evertec, Inc., experienced a cybersecurity breach affecting data belonging to clients, including Banco Popular de Puerto Rico (BPPR), the company’s Puerto Rico-based banking subsidiary. The incident initially involved compromised customer data, with later findings revealing additional exposed information, such as debit card numbers and other personal details.

Popular, Inc. confirmed that its own systems remained unaffected but has collaborated with Evertec to assess the scope of the breach. Enhanced fraud monitoring measures have been implemented to protect customers, and affected individuals will be notified directly. Regulatory authorities have been informed as part of the company’s incident response protocols.

While the breach originated at Evertec, Popular, Inc. holds contractual protections for losses and related expenses stemming from the incident. The company currently does not anticipate a material impact on its operations, financial condition, or results, though ongoing investigations may uncover further details. Risks remain, including potential regulatory scrutiny, customer relationship impacts, and management resource diversion as the situation develops.

Source: https://www.stocktitan.net/sec-filings/BPOP/8-k-popular-inc-reports-material-event-58970421f0e7.html

Popular cybersecurity rating report: https://www.rankiteo.com/company/banco-popular-de-puerto-rico

Evertec cybersecurity rating report: https://www.rankiteo.com/company/evertec

"id": "BANEVE1781015638",
"linkid": "banco-popular-de-puerto-rico, evertec",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Banco Popular de Puerto Rico '
                                              'clients',
                        'industry': 'Financial Services',
                        'location': 'Puerto Rico',
                        'name': 'Evertec, Inc.',
                        'type': 'Third-party financial transaction processor'},
                       {'customers_affected': 'Yes',
                        'industry': 'Banking',
                        'location': 'Puerto Rico',
                        'name': 'Banco Popular de Puerto Rico (BPPR)',
                        'type': 'Banking subsidiary'},
                       {'customers_affected': 'No (own systems unaffected)',
                        'industry': 'Financial Services',
                        'location': 'Puerto Rico',
                        'name': 'Popular, Inc.',
                        'type': 'Parent company'}],
 'customer_advisories': 'Direct notifications to affected individuals',
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Customer data',
                                              'Debit card numbers',
                                              'Personal details']},
 'date_publicly_disclosed': '2026-05-15',
 'description': 'On May 15, 2026, Popular, Inc. disclosed that its third-party '
                'financial transaction processor, Evertec, Inc., experienced a '
                'cybersecurity breach affecting data belonging to clients, '
                'including Banco Popular de Puerto Rico (BPPR), the company’s '
                'Puerto Rico-based banking subsidiary. The incident initially '
                'involved compromised customer data, with later findings '
                'revealing additional exposed information, such as debit card '
                'numbers and other personal details. Popular, Inc. confirmed '
                'that its own systems remained unaffected but has collaborated '
                'with Evertec to assess the scope of the breach. Enhanced '
                'fraud monitoring measures have been implemented to protect '
                'customers, and affected individuals will be notified '
                'directly. Regulatory authorities have been informed as part '
                'of the company’s incident response protocols.',
 'impact': {'brand_reputation_impact': 'Potential customer relationship '
                                       'impacts',
            'data_compromised': 'Customer data, debit card numbers, and other '
                                'personal details',
            'identity_theft_risk': 'Yes',
            'operational_impact': 'Potential diversion of management resources',
            'payment_information_risk': 'Yes'},
 'investigation_status': 'Ongoing',
 'references': [{'source': 'Popular, Inc. disclosure'}],
 'regulatory_compliance': {'regulatory_notifications': 'Yes'},
 'response': {'communication_strategy': 'Direct notifications to affected '
                                        'individuals, regulatory disclosures',
              'containment_measures': 'Enhanced fraud monitoring measures',
              'enhanced_monitoring': 'Yes',
              'incident_response_plan_activated': 'Yes'},
 'title': 'Cybersecurity Incident at Evertec Impacts Banco Popular de Puerto '
          'Rico Customer Data',
 'type': 'Data Breach'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.