$BPOP·8-K

POPULAR, INC. · Jun 9, 8:30 AM ET

Compare

POPULAR, INC. 8-K

Research Summary

AI-generated summary

Updated

Popular, Inc. Reports Evertec Cybersecurity Incident Affecting BPPR Data

What Happened

  • Popular, Inc. (BPOP) filed an 8‑K on June 9, 2026 saying it was notified on May 15, 2026 that Evertec, its third‑party core processing and IT services provider, experienced a cybersecurity incident. Evertec later identified additional Banco Popular de Puerto Rico (BPPR) data that was compromised. Affected data includes personal information for certain BPPR customers, including debit card numbers and other information. Popular’s own systems were not accessed or affected.

Key Details

  • Notification date: May 15, 2026; subsequent updates identified additional BPPR data impacts.
  • Types of data affected: personal customer information, including debit card numbers (specific scope still being assessed).
  • Company action: Popular initiated its cybersecurity incident response, implemented enhanced fraud monitoring, and notified applicable regulators; affected customers will be notified as appropriate.
  • Liability/coverage: Popular states it has a contractual right to be covered by Evertec for losses and reasonable, customary costs and expenses related to the incident.

Why It Matters

  • For investors, the filing signals a third‑party data breach that affects BPPR customers but did not penetrate Popular’s systems. The company currently believes the incident is unlikely to be material to its operations or financial condition based on information to date.
  • Remaining uncertainties include the final scope of compromised data, potential customer remediation costs, regulatory outcomes, and whether Evertec’s contractual coverage or insurance fully reimburses related losses — all items the company lists as risks that could affect results if circumstances change.

Loading document...