{"filing":{"accession_number":"0001193125-26-263044","cik":"0000763901","ticker":"BPOPM","company_name":"POPULAR, INC.","form":"8-K","filing_date":"2026-06-09","report_date":null,"primary_document":"d46942d8k.htm","primary_document_url":"https://www.sec.gov/Archives/edgar/data/763901/000119312526263044/d46942d8k.htm"},"events":[{"id":4308,"run_id":3761,"accession_number":"0001193125-26-263044","anchor_item_number":"8.01","event_type":"cybersecurity_incident","event_domain":"legal","is_material":true,"confidence":0.95,"summary":"The filing discloses a material cybersecurity incident at Evertec, a third-party core processing provider, affecting customer data of BPPR (Popular's Puerto Rico subsidiary). The compromised data includes personal information, debit card numbers, and other customer information. Although the Corporation states it does not currently believe the incident is reasonably likely to have material impact, the disclosure itself—involving customer data compromise, regulatory notification, and enhanced fraud monitoring—constitutes a material cybersecurity incident requiring 8-K disclosure under Item 1.05 rules (effective 2023).","company_name":"POPULAR, INC.","ticker":"BPOPM","filing_date":"2026-06-09","items":[{"id":5428,"accession_number":"0001193125-26-263044","item_number":"8.01","item_title":null,"event_type":"cybersecurity_incident","event_domain":"legal","is_material":true,"confidence":0.95,"reasoning":"The filing discloses a material cybersecurity incident at Evertec, a third-party core processing provider, affecting customer data of BPPR (Popular's Puerto Rico subsidiary). The compromised data includes personal information, debit card numbers, and other customer information. Although the Corporation states it does not currently believe the incident is reasonably likely to have material impact, the disclosure itself—involving customer data compromise, regulatory notification, and enhanced fraud monitoring—constitutes a material cybersecurity incident requiring 8-K disclosure under Item 1.05 rules (effective 2023).","classifier_version":"claude-haiku-4-5-20251001+prompt-9e0ffca5","taxonomy_version":"v1","classified_at":"2026-06-09T12:31:06.145991+00:00","company_name":"","ticker":null,"filing_date":""}]}],"classifications":[{"id":5428,"accession_number":"0001193125-26-263044","item_number":"8.01","item_title":null,"event_type":"cybersecurity_incident","event_domain":"legal","is_material":true,"confidence":0.95,"reasoning":"The filing discloses a material cybersecurity incident at Evertec, a third-party core processing provider, affecting customer data of BPPR (Popular's Puerto Rico subsidiary). The compromised data includes personal information, debit card numbers, and other customer information. Although the Corporation states it does not currently believe the incident is reasonably likely to have material impact, the disclosure itself—involving customer data compromise, regulatory notification, and enhanced fraud monitoring—constitutes a material cybersecurity incident requiring 8-K disclosure under Item 1.05 rules (effective 2023).","classifier_version":"claude-haiku-4-5-20251001+prompt-9e0ffca5","taxonomy_version":"v1","classified_at":"2026-06-09T12:31:06.145991+00:00","company_name":"POPULAR, INC.","ticker":"BPOPM","filing_date":"2026-06-09"}]}