Please ensure Javascript is enabled for purposes of website accessibility

PwC Audit Client Gets Added to the List of Companies That Have to Send Out Letters to Customers About a Data Breach

Posted on by Going Concern News Desk
stacks of paper in binders

Puerto Rico’s largest bank filed a data breach notification with the Maine Attorney General on August 14 related to the MOVEit ransomware attack that has so far snagged Deloitte, EY, and PwC. For once KPMG is thrilled to be excluded from the Big 4. EY client Bank of America sent a similar notice to its customers last week, that notice did not go into detail as to the why an accounting firm would have had access to this customer information like Popular’s does.

82,217 Banco Popular customers may be affected and all of them will be getting this letter which specifically mentions “compromised personal information” being provided to PwC as part of the firm’s audit work on the bank:

Dear [person]:

We write to inform you that one of our vendors, PricewaterhouseCoopers (PwC), has been a victim of a cybersecurity breach that included certain personal information of our customers. The breach involved the compromise of a software, MOVEit, used by PwC to transfer files for a small number of its clients, including Banco Popular de Puerto Rico (Popular).

As a public corporation that trades in the stock market, Popular is required to use the services of an auditing and accounting firm such as PwC. The job of auditing Popular requires, due to its nature, that Popular share client information so that PwC can perform certain independent validations necessary for Popular to issue financial statements.

Upon learning of the incident, PwC immediately launched an investigation and ceased using the impacted software. As a result of this investigation, it was determined on July 24th, 2023, that certain of the files compromised in the incident included personal information of our customers. The compromised personal information includes your name, Social Security number, mortgage loan number ending in , and mortgage-related fields.

The remainder of the letter explains to customers several ways they can protect their credit and offers two years of free monitoring from Equifax.

PwC has audited Popular for at least two decades, 2003 was the earliest annual report we could dig up in several minutes of searching. The bank is one of the 50 largest U.S. banks by assets and has operated in Puerto Rico for more than 125 years (more than 52 years in the mainland United States).

Story spotted on Cybernews: PwC breach spills into Banco Popular de Puerto Rico

Related Posts

trash can fire

Former Client Cockblocks the EY Split to Make Sure They Get the $2.7 Billion They’re Suing EY For

While it appears the EY split is going off the rails, despite assurances to the […]

Accounting News Roundup: Charlie Rangel Has a Primary Challenger; Does Your Salary Define You?; PCAOB Wants Auditors to Consider Big Weird Transactions | 04.08.10

Rangel Challenged by a Historic Foe [WSJ]
Someone finally realized that Charlie Rangel’s constituents in New York’s 15th District have maybe had enough of Chuck and his “pay taxes as I wrote them, not as I pay them” ways. Rangs will be challenged in the primary by New York State Assemblyman Adam Clayton Powell IV, according to the Journal. Not only does Mr Powell have an upper hand in the ad campaign department but there’s a bit of history here.


Powell Number III, sire of IV, was defeated by ChaRang back in 1970 amid his own ethical trubs. ACP 4th Edition insisted to that this had nothing to do with sweet, sweet revenge, “It has nothing to do with revenge or anything like that. Anyone with that record in public service would be interested in higher office.”

It won’t be easy for ACP4 however. He was flicked away by Rangs in a primary challenge back in 1994 and was recently convicted of “driving while impaired,” which actually seems worse than hogging rent-controlled apartments, since that could result in, you know, someone getting killed.

My Paycheck, My Self? [FINS]
Does your salary define you as a human being? Or, at the very least, does it feel that way? Master pay czar Ken Feinberg had to snoop around some people that pull down some hefty scratch and he found out that the human psyche can easily be affected by their pay stub.

PCAOB Issues Staff Audit Practice Alert on Auditor Considerations of Significant Unusual Transactions [PCAOB]
Don’t worry about the plain old vanilla transactions auditors, the PCAOB needs you to be on the lookout for significant unusual transactions. What that entails, we don’t really know but we’ll assume that means any transaction, and the PCAOB means any transaction, that looks remotely out of the ordinary, has a funny name (that may or may not include a “105”), requires smokey-filled room approval etc., definitely give it a second look. Or a third.

One thought on “PwC Audit Client Gets Added to the List of Companies That Have to Send Out Letters to Customers About a Data Breach

  1. Per 2023 proxy: “PricewaterhouseCoopers LLP has served as the independent registered public accounting firm of BPPR [bank] since 1971 and of Popular [bank holding company] since 1991.”

Comments are closed.