Back

Evertec Reports Data Breach Affecting Financial Clients in Puerto Rico

Severity: Medium (Score: 51.9)

Sources: Investing, Classaction

Published: 2026-06-09 · Updated: 2026-06-10

Keywords: evertec, data, breach, reported, attorneys, investigating, reports

Severity indicators: breach, data breach

Summary

Evertec, Inc. disclosed a cybersecurity incident on June 9, 2026, revealing potential unauthorized access to customer data that occurred on May 13, 2026. The breach, attributed to a third-party support platform, impacted financial institution clients in Puerto Rico, including transaction records, payment card numbers, and customer names. The company has initiated cyber incident response protocols, notified federal authorities, and engaged external cybersecurity experts for investigation. Affected clients are being informed, and Evertec is mailing notification letters to those impacted. The incident has not yet caused operational disruptions, but the full scope of the breach is still under investigation. Evertec is expected to incur expenses related to the incident and has cybersecurity insurance, though the extent of liabilities is undetermined. Key Points: • Evertec reported unauthorized access to customer data affecting financial clients in Puerto Rico. • The breach involved transaction records and payment card numbers accessed through a third-party platform. • Evertec is cooperating with federal authorities and external experts to investigate the incident.

Detailed Analysis

**Impact** The breach affected financial institution clients of Evertec in Puerto Rico, including Popular, exposing transaction records, payment card numbers, and some customer names and information. The incident was identified on May 13, 2026, with no reported operational disruptions or service interruptions to date. Evertec is still assessing the full scope of compromised data and is communicating with affected institutions. Potential financial and legal consequences include investigation and remediation costs, as well as ongoing class action lawsuit inquiries. **Technical Details** The unauthorized access occurred via a third-party support platform, which was used to obtain customer data. No specific malware, CVEs, or detailed TTPs were disclosed. The attack was detected and contained following Evertec’s incident response protocols, with external cybersecurity experts engaged. There are no reported IOCs or infrastructure details available from the sources. **Recommended Response** Organizations should verify the security and access controls of third-party support platforms and monitor for unauthorized access attempts. Financial institutions should notify affected customers and review transaction logs for anomalies. Defenders should maintain heightened monitoring for suspicious activity related to third-party integrations and ensure communication channels for breach notifications are operational. No specific patches or signatures were provided; ongoing investigation updates should be followed.

Source articles (2)

  • Evertec reports cybersecurity incident affecting financial institution clients — Investing · 2026-06-09
    Evertec, Inc. ( NYSE:EVTC ) disclosed Monday that it identified potential unauthorized access to customer data on May 13, 2026. The company reported in a statement based on an SEC filing that it promp…
  • Evertec Data Breach Reported; Attorneys Investigating — Classaction · 2026-06-09
    Attorneys working with ClassAction.org are looking into whether a class action lawsuit can be filed in light of the Evertec data breach. As part of their investigation, they need to hear from individu…

Timeline

  • 2026-05-13 — Unauthorized access detected: Evertec identified potential unauthorized access to customer data through a third-party support platform.
  • 2026-06-09 — Data breach disclosed: Evertec filed a Form 8-K with the SEC reporting the data breach affecting financial institution clients.
  • 2026-06-09 — Investigation initiated: Evertec engaged external cybersecurity experts and notified federal law enforcement to investigate the breach.

Related entities

  • Data Breach (Attack Type)
  • Evertec (Company)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • classaction.org (Domain)
  • Financial (Industry)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed