
Puerto Rico regulators warn consumers after Evertec breach leaked transaction records and card numbers. No evidence of fraud yet, but credit monitoring offered through Sept. 30.
EVERTEC, Inc. currently carries an Alpha Score of n/a, giving AlphaScala's model a neutral read on the setup.
A cybersecurity breach at Evertec (EVTC), the Puerto Rico-based payments processor that operates the ATH network, leaked transaction records and payment card numbers tied to financial institutions on the island. The company disclosed the incident in a May 13 SEC filing, saying unauthorized access occurred through a third-party support platform. Customer names and contact information may also have been taken in some cases, Evertec said.
PINs, CVV security codes, account passwords, and online banking passcodes were not exposed, the company confirmed. Evertec said it contained the breach, secured its systems, and found no disruption to its operations or customer services. Forensic experts were brought in alongside federal law enforcement.
The Puerto Rico Innovation and Technology Service, or PRITS, and the Department of Consumer Affairs (DACO) both issued public warnings. PRITS executive director Poincaré Díaz-Peña urged residents to review bank and credit card statements regularly and to avoid sharing account details over phone, email, or text. "Cybersecurity incidents can affect any organization, so it is important for citizens to remain vigilant and take preventative measures," Díaz-Peña said.
DACO Secretary Hiram J. Torres-Montalvo said the agency's fraud-detection unit has been in direct contact with Evertec and other entities to gauge consumer risk. "Our goal is to ensure that any possible risk to consumers is addressed quickly and effectively," he said. DACO noted that the potentially compromised data includes card numbers, expiration dates, names, and dates of birth. Passwords and PINs were explicitly excluded.
DACO's fraud scheme unit has identified 48 different schemes so far this year. Torres-Montalvo told consumers to report suspicious activity to their financial institution and to authorities immediately.
Evertec said affected cardholders will receive a mailed notice with details and a complimentary 24-month credit monitoring subscription through Experian. The service must be activated by Sept. 30. A dedicated call center is available at 1-866-242-1613 from 9 a.m. to 9 p.m. AST, with weekend and holiday support through June 21.
The company warned that neither Evertec, its ATH Móvil app, nor any financial institution will call customers asking for card numbers, PINs, or security codes. Evertec said cardholders can continue using their cards as normal, though some banks may decide to issue replacement cards as a precaution. "To date, we have no evidence that any information involved in the unauthorized access has been used for fraudulent purposes," Evertec said in its public update.
The breach underscores the risk concentration in Puerto Rico's payment infrastructure. Evertec processes roughly 60% of the island's card transactions. Any operational failure at that central node radiates through the entire financial system, as PRITS and DACO recognized with their coordinated alerts. The immediate watchlist question is whether any secondary fraud emerges in the weeks ahead – the typical window for testing stolen card data. A second question is whether Evertec faces regulatory costs or client churn from financial institutions that reconsider third-party support dependencies.
The company's stock is not directly covered here for trade recommendations, the clock is ticking on credit monitoring activation.
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.