Banco Popular de Puerto Rico Reports Data Breach to SEC

Popular Inc., the parent company of Banco Popular de Puerto Rico and the largest banking institution in Puerto Rico by both assets and deposits, disclosed a data breach on June 9, 2026.

The incident is also connected to Evertec, a payment technology and transaction processing company. The total number of individuals affected in the United States has not yet been publicly disclosed.

The breach was disclosed through a filing with the U.S. Securities and Exchange Commission on June 9, 2026. A related SEC filing by Evertec was also submitted on the same date.

The full details of this data breach remain limited based on the publicly available information reviewed for this report. The specific types of personal information that may have been exposed and the exact dates over which the incident took place have not been confirmed through available disclosures.

The SEC disclosure was made through a Form 8-K, a type of report that publicly traded companies in the United States must submit when significant events occur that shareholders and the investing public need to know about. Under rules adopted by the SEC, companies are required to disclose cybersecurity incidents that could have a material impact on their business through these filings.

This filing indicates that Popular Inc. determined the breach was significant enough to meet the threshold for mandatory disclosure.

The available documentation indicates that Evertec, a company that provides payment processing and transaction services, is also connected to this incident.

Affected individuals should watch for official correspondence from Popular Inc. or Banco Popular de Puerto Rico in the coming weeks. Legitimate data breach notification letters generally arrive by U.S. mail and are addressed to specific individuals whose information was determined to be involved.

These letters typically include detailed instructions about how to enroll in any protective services being offered, along with a dedicated phone number or website where consumers can direct questions.

Consumers can also review Popular's online privacy practices for general information about how the company collects, uses and protects personal data. The company additionally maintains community guidelines for customers who interact with the bank through its social media channels.