Cybersecurity Incident at Evertec Impacts Banco Popular de Puerto Rico Customer Data
On May 15, 2026, Popular, Inc. disclosed that its third-party financial transaction processor, Evertec, Inc., experienced a cybersecurity breach affecting data belonging to clients, including Banco Popular de Puerto Rico (BPPR), the company’s Puerto Rico-based banking subsidiary. The incident initially involved compromised customer data, with later findings revealing additional exposed information, such as debit card numbers and other personal details.
Popular, Inc. confirmed that its own systems remained unaffected but has collaborated with Evertec to assess the scope of the breach. Enhanced fraud monitoring measures have been implemented to protect customers, and affected individuals will be notified directly. Regulatory authorities have been informed as part of the company’s incident response protocols.
While the breach originated at Evertec, Popular, Inc. holds contractual protections for losses and related expenses stemming from the incident. The company currently does not anticipate a material impact on its operations, financial condition, or results, though ongoing investigations may uncover further details. Risks remain, including potential regulatory scrutiny, customer relationship impacts, and management resource diversion as the situation develops.
Source: https://www.stocktitan.net/sec-filings/BPOP/8-k-popular-inc-reports-material-event-58970421f0e7.html
Popular cybersecurity rating report: https://www.rankiteo.com/company/banco-popular-de-puerto-rico
Evertec cybersecurity rating report: https://www.rankiteo.com/company/evertec
"id": "BANEVE1781015638",
"linkid": "banco-popular-de-puerto-rico, evertec",
"type": "Breach",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Banco Popular de Puerto Rico '
'clients',
'industry': 'Financial Services',
'location': 'Puerto Rico',
'name': 'Evertec, Inc.',
'type': 'Third-party financial transaction processor'},
{'customers_affected': 'Yes',
'industry': 'Banking',
'location': 'Puerto Rico',
'name': 'Banco Popular de Puerto Rico (BPPR)',
'type': 'Banking subsidiary'},
{'customers_affected': 'No (own systems unaffected)',
'industry': 'Financial Services',
'location': 'Puerto Rico',
'name': 'Popular, Inc.',
'type': 'Parent company'}],
'customer_advisories': 'Direct notifications to affected individuals',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Customer data',
'Debit card numbers',
'Personal details']},
'date_publicly_disclosed': '2026-05-15',
'description': 'On May 15, 2026, Popular, Inc. disclosed that its third-party '
'financial transaction processor, Evertec, Inc., experienced a '
'cybersecurity breach affecting data belonging to clients, '
'including Banco Popular de Puerto Rico (BPPR), the company’s '
'Puerto Rico-based banking subsidiary. The incident initially '
'involved compromised customer data, with later findings '
'revealing additional exposed information, such as debit card '
'numbers and other personal details. Popular, Inc. confirmed '
'that its own systems remained unaffected but has collaborated '
'with Evertec to assess the scope of the breach. Enhanced '
'fraud monitoring measures have been implemented to protect '
'customers, and affected individuals will be notified '
'directly. Regulatory authorities have been informed as part '
'of the company’s incident response protocols.',
'impact': {'brand_reputation_impact': 'Potential customer relationship '
'impacts',
'data_compromised': 'Customer data, debit card numbers, and other '
'personal details',
'identity_theft_risk': 'Yes',
'operational_impact': 'Potential diversion of management resources',
'payment_information_risk': 'Yes'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Popular, Inc. disclosure'}],
'regulatory_compliance': {'regulatory_notifications': 'Yes'},
'response': {'communication_strategy': 'Direct notifications to affected '
'individuals, regulatory disclosures',
'containment_measures': 'Enhanced fraud monitoring measures',
'enhanced_monitoring': 'Yes',
'incident_response_plan_activated': 'Yes'},
'title': 'Cybersecurity Incident at Evertec Impacts Banco Popular de Puerto '
'Rico Customer Data',
'type': 'Data Breach'}