Popular Inc. (NASDAQ: BPOP) disclosed that its third-party financial transaction processor Evertec Inc. experienced a cybersecurity incident that compromised certain customer data from Banco Popular de Puerto Rico, the company's Puerto Rico banking subsidiary.

Evertec notified Popular on May 15, 2026, about the security breach affecting client data. The processor subsequently informed Popular that additional data from the bank had been compromised. The affected information includes personal data of certain bank customers, including debit card numbers and other information, according to the company's statement.

Popular said it activated cybersecurity incident response protocols and notified applicable regulators. The company implemented enhanced fraud monitoring measures and will notify affected customers directly. Popular's own systems were not accessed or affected by the incident.

The company has contractual rights to coverage from Evertec for losses and reasonable costs related to the incident. Popular stated it does not believe the incident will have a material impact on its operations, financial condition or results of operations based on currently available information.

The disclosure was made in a company statement regarding the third-party security breach affecting its Puerto Rico banking operations.