EVERTEC Discloses Data Breach Affecting Puerto Rico Financial Clients
Summary
EVERTEC, Inc. has disclosed a cybersecurity incident affecting customer data of its financial institution clients in Puerto Rico, including payment card numbers and transaction records. The company is investigating the full scope and potential liabilities.
Key Events
-
Cybersecurity Incident Disclosed
EVERTEC learned on May 13, 2026, of potential unauthorized access to customer data through a third-party support platform.
-
Sensitive Data Compromised
The breach involved financial institution clients' transaction records, payment card numbers, and in some cases, customer names and contact information, primarily impacting clients in Puerto Rico.
-
Containment and Investigation Underway
The company initiated cyber incident response protocols, notified federal law enforcement, engaged external cybersecurity experts, and believes the unauthorized party no longer has access.
-
No Operational Disruption Reported
To date, the incident has not resulted in operational disruption or interruption in service to any customers.
Analysis
This disclosure of a cybersecurity incident is a significant negative event for a financial technology company like EVERTEC. While the company states there has been no operational disruption to date and the intrusion is contained, the breach of payment card numbers and transaction records carries substantial reputational, regulatory, and financial risks. The ongoing investigation into the full scope of impact and potential liabilities means the financial consequences are still uncertain, which adds to investor concern.
At the time of this filing, EVTC was trading at $23.05 on NYSE in the Technology sector, with a market capitalization of approximately $1.4B. The 52-week trading range was $21.81 to $38.02. This filing was assessed with negative market sentiment and an importance score of 8 out of 10.