Popular reports third-party cybersecurity incident affecting BPPR data
Popular, Inc. disclosed a cybersecurity incident at its third-party vendor, Evertec, affecting data of its Banco Popular de Puerto Rico (BPPR) customers. The incident, notified on May 15, 2026, compromised personal information, including debit card numbers. Popular's own systems were unaffected, and the company has implemented enhanced fraud monitoring and notified regulators. Popular expects no material impact on its operations or financials, citing contractual coverage from Evertec for related losses and costs.
Key Highlights
- Cybersecurity incident at third-party vendor Evertec affected Banco Popular de Puerto Rico (BPPR) customer data.
- Incident compromised personal information, including debit card numbers, of certain BPPR customers.
- Popular's own systems were not accessed or otherwise affected by the incident.
- Company initiated incident response protocols, implemented enhanced fraud monitoring, and notified regulators.
- Affected customers will be notified directly, as appropriate.
- Popular has a contractual right to be covered by Evertec for losses and related costs.
- Company does not believe the incident is reasonably likely to have a material impact on its operations or financials.
Price Impact
More from BPOP
Popular Shareholders Approve Corporate Charter Amendments
Popular, Inc. Declares $0.75 Quarterly Cash Dividend
Popular, Inc. Appoints Manuel Chinea as Chief Experience and Administration Services Officer, Israel Velasco to Lead U.S. Operations