The exposure of Banco Popular de Puerto Rico customers in a cybersecurity breach at PricewaterhouseCoopers (PwC) has raised concerns about the potential impact on account holders in the Virgin Islands. The extent to which they may be affected remains unclear at this time.
In a notification to the Maine Attorney General's office in late July, PwC disclosed that it had experienced a security compromise affecting MOVEit, a software application designed for secure file transfer. The breach exposed the personal information of a limited subset of its client base, including details such as names, social security numbers, and financial and mortgage information related to Banco Popular customers.
This sensitive data was in PwC's possession because of the auditing work the firm performs for Banco Popular. A letter to the bank's customers clarified that, "Auditing Popular, by its very nature, necessitates the sharing of client information with PwC to facilitate the independent validations required for issuing Popular's financial statements."
As of the time of this report, attempts to contact Banco Popular officials in both Puerto Rico and the U.S. Virgin Islands for comments have yielded no responses.
It is worth noting that PwC is not the only major accounting firm to experience such a breach. Earnest & Young, another of the "Big Four" accounting firms, reported in early August that it had suffered a similar cybersecurity incident. This breach compromised financial data, including credit card information, of a significant number of Bank of America customers.
Similarly, Deloitte Global was also affected by a vulnerability in the MOVEit software. However, Deloitte has stated that they have found "no evidence of impact on client data," attributing this to their limited utilization of the affected software.