Puerto Rico’s largest bank joins the victim list of the MOVEit attacks after the personal data of its 82,217 clients were exposed via third-party vendor PricewaterhouseCoopers (PwC).
Banco Popular de Puerto Rico, also active in the mainland US, has started to inform thousands of its clients that their personal information was compromised due to a cybersecurity breach that affected PwC, one of the world’s biggest accountancy firms.
“The breach involved the compromise of a software, MOVEit, used by PwC to transfer files for a small number of its clients, including Banco Popular de Puerto Rico,” the bank said in a letter to customers.
The compromised personal information included names, social security numbers, mortgage loan numbers, and mortgage-related fields, the bank said.
According to a notice filed with the Maine Attorney General, the breach occurred on July 24th and was discovered the same day. Banco Popular said that PwC “immediately” launched an investigation and ceased using the impacted software.
The bank also said it has to use the services of auditing and accounting firms such as PwC because it is a publicly-listed company.
“The job of auditing Popular requires, due to its nature, that Popular share client information so that PwC can perform certain independent validations necessary for Popular to issue financial statements,” it told its customers.
Banco Popular said it regretted the incident and took it “very seriously.”
PwC is one of the Big Four audit firms targeted by the Russian-linked Cl0p ransomware gang, with Deloitte and Earnst&Young (EY) among its other victims.
Last week, EY confirmed that over 30,000 Bank of America customers were exposed via MOVEit attacks, with threat actors accessing financial account information and credit card numbers.
More from Cybernews:
Subscribe to our newsletter