In the wake of a recent cybersecurity lapse at PricewaterhouseCoopers (PwC), anxiety is growing among the Banco Popular de Puerto Rico clientele, especially those hailing from the Virgin Islands. The extent of this potential impact, as of now, is still shrouded in ambiguity.
PwC, in a communication to the Maine Attorney General’s office towards the end of July, admitted to a digital security lapse that impacted its MOVEit software— a platform tailored for the safe transfer of files. The breach unveiled the personal particulars of a specific portion of its clientele. Notably, this encompassed details ranging from names and social security numbers to intricate financial and mortgage specifics tied to Banco Popular’s customers.
Why did PwC have access to such delicate information? It’s rooted in the audit-related work the firm undertakes for Banco Popular. Elaborating on this, a missive addressed to the bank’s clienteles stated, “The audit process for Popular inherently requires us to share client-specific data with PwC. This facilitates the external checks essential for the generation of Popular’s fiscal reports.”
While efforts to touch base with Banco Popular representatives in both Puerto Rico and the U.S. Virgin Islands continue, no feedback has been procured at the time this piece was compiled.
However, this incident isn’t isolated to PwC alone. Another stalwart from the “Big Four” accounting conglomerates, Earnest & Young, revealed in the initial days of August about its own cybersecurity setback. Their breach exposed the financial specifics, inclusive of credit card details, for a considerable segment of Bank of America’s clientele.
Drawing a parallel, Deloitte Global, too, fell prey to the same susceptibility linked to the MOVEit software. Nonetheless, Deloitte has been quick to assuage concerns, mentioning that their preliminary investigation has “unearthed no indications of client data being compromised,” chalking it up to their restrained use of the vulnerable software.
It’s essential, now more than ever, for financial institutions and the firms they collaborate with to bolster their cybersecurity efforts. As investigations progress, the true extent of these breaches and their repercussions will be brought to light. For now, account holders, especially those in the Virgin Islands, await clarity.