Page last updated on September 4, 2025
EVERTEC, Inc. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2025-09-02 06:15:18 EDT.
Company Summary
EVERTEC, Inc., headquartered in San Juan, Puerto Rico, provides financial technology and transaction processing services across Latin America, Puerto Rico, and the Caribbean, offering payment services, merchant acquiring, business solutions, and operating the ATH debit network.
Incident Details
Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)
Compromised Date: 2025-08-29
Detected Date: 2025-08-29
Disclosure Date: 2025-09-02
Contained Date:
Recovered Date:
Attack Goal: Theft
Costs: Not Tracked (yet)
- Fraud (Indirect): Not Tracked (yet) - null
- Forensics (Indirect): Not Tracked (yet) - null
- Incident response (Indirect): Not Tracked (yet) - null
Filings
8-K filed on 2025-09-02
EVERTEC, Inc. filed an 8-K at 2025-09-02 06:15:18 EDT
Accession Number: 0001559865-25-000043
Item 8.01 Other Events.
On August 29, 2025, Sinqia S.A. (“Sinqia”), a Brazilian subsidiary of EVERTEC, Inc. (“Evertec” or the “Company”), identified unauthorized activity in its environment of the Brazilian Central Bank (“BCB”) real-time payment system known as Pix. Upon detecting the incident, and in accordance with its incident response protocol, Sinqia halted transaction processing in its Pix environment and began working with outside cybersecurity forensics experts. Subsequently, the BCB informed Sinqia that it would not be permitted to resume processing transactions in the Brazilian Payments System (“SPB”) and Pix until the BCB reviews and approves the actions taken. Sinqia communicated promptly with federal and state law enforcement authorities in Brazil and the financial institution customers using its Pix environment.
This matter affects a single application in Brazil, and no other Evertec products or services are impacted. The unauthorized activity is related to Business-to-Business financial transactions involving two financial institutions that are customers of Sinqia’s Pix transaction processing services. The Company believes that approximately R$710 million in unauthorized transactions affecting those two Sinqia customers were processed through Sinqia’s Pix environment on August 29, 2025. The Company has been informed that a portion of that amount has been recovered and additional recovery efforts are ongoing.
Preliminary results of the Company’s forensics analysis indicate that the unauthorized transactions were introduced into Sinqia’s Pix environment by exploiting legitimate Sinqia IT vendors’ credentials. Sinqia has terminated access to these credentials.
The Company believes the incident is limited to Sinqia’s Pix environment and has not identified any unauthorized activity in any other Sinqia systems outside of Pix in Brazil. The Company also has no indication that any personal data has been compromised.
Sinqia provided BCB and the two impacted customers with third-party forensics analyses and information requested by BCB. The Company is working diligently to obtain approval to resume processing transactions in SPB and Pix.
While Sinqia’s Pix environment is used by 24 financial institution customers, the financial and reputational impact of the incident, including any impact on the Company’s internal controls, are not yet known and could be material. The Company has not yet determined the scope of any liability associated with this matter, the applicability of any insurance coverage or what claims the Company may have against third parties.
Company Information
| Name | EVERTEC, Inc. |
| CIK | 0001559865 |
| SIC Description | Services-Computer Processing & Data Preparation |
| Ticker | EVTC - NYSE |
| Website | |
| Category | Large accelerated filer |
| Fiscal Year End | December 30 |