UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, DC 20549
FORM 8-K
CURRENT REPORT
PURSUANT TO SECTION 13 OR 15(d)
OF THE SECURITIES EXCHANGE ACT OF 1934
Date of report (Date of earliest event reported): August 29, 2025
(EXACT NAME OF REGISTRANT AS SPECIFIED IN ITS CHARTER)
| (State or other jurisdiction of incorporation or organization) | (I.R.S. employer identification number) | ||||||||||
| (Address of principal executive offices) | (Zip Code) | ||||||||||
(787 ) 759-9999
(Registrant’s telephone number, including area code)
Not applicable
(Former name, former address and former fiscal year, if changed since last report)
COMMISSION FILE NUMBER 001-35872
Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions:
| Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425) | |||||
| Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12) | |||||
| Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b)) | |||||
| Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c)) | |||||
Securities registered pursuant to Section 12(b) of the Act:
| Title of Class | Trading Symbol(s) | Name of each exchange on which registered | ||||||
Indicate by check mark whether the registrant is an emerging growth company as defined in as defined in Rule 405 of the Securities Act of 1933 (§230.405 of this chapter) or Rule 12b-2 of the Securities Exchange Act of 1934 (§240.12b-2 of this chapter).
Emerging growth company ☐
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
Item 8.01 Other Events
On August 29, 2025, Sinqia S.A. (“Sinqia”), a Brazilian subsidiary of EVERTEC, Inc. (“Evertec” or the “Company”), identified unauthorized activity in its environment of the Brazilian Central Bank (“BCB”) real-time payment system known as Pix. Upon detecting the incident, and in accordance with its incident response protocol, Sinqia halted transaction processing in its Pix environment and began working with outside cybersecurity forensics experts. Subsequently, the BCB informed Sinqia that it would not be permitted to resume processing transactions in the Brazilian Payments System (“SPB”) and Pix until the BCB reviews and approves the actions taken. Sinqia communicated promptly with federal and state law enforcement authorities in Brazil and the financial institution customers using its Pix environment.
This matter affects a single application in Brazil, and no other Evertec products or services are impacted. The unauthorized activity is related to Business-to-Business financial transactions involving two financial institutions that are customers of Sinqia’s Pix transaction processing services. The Company believes that approximately R$710 million in unauthorized transactions affecting those two Sinqia customers were processed through Sinqia’s Pix environment on August 29, 2025. The Company has been informed that a portion of that amount has been recovered and additional recovery efforts are ongoing.
Preliminary results of the Company’s forensics analysis indicate that the unauthorized transactions were introduced into Sinqia’s Pix environment by exploiting legitimate Sinqia IT vendors’ credentials. Sinqia has terminated access to these credentials.
The Company believes the incident is limited to Sinqia’s Pix environment and has not identified any unauthorized activity in any other Sinqia systems outside of Pix in Brazil. The Company also has no indication that any personal data has been compromised.
Sinqia provided BCB and the two impacted customers with third-party forensics analyses and information requested by BCB. The Company is working diligently to obtain approval to resume processing transactions in SPB and Pix.
While Sinqia’s Pix environment is used by 24 financial institution customers, the financial and reputational impact of the incident, including any impact on the Company’s internal controls, are not yet known and could be material. The Company has not yet determined the scope of any liability associated with this matter, the applicability of any insurance coverage or what claims the Company may have against third parties.
Cautionary Note Regarding Forward-Looking Statements
Certain statements in this Current Report on Form 8-K constitute “forward-looking statements” within the meaning of, and subject to the protection of, the Private Securities Litigation Reform Act of 1995. We intend such forward-looking statements to be covered by the safe harbor provisions for forward-looking statements contained in Section 27A of the Securities Act and Section 21E of the Exchange Act. All statements contained in this Current Report on Form 8-K other than statements of historical facts, including, without limitation, statements relating to the Company’s current beliefs, understanding and expectations regarding the cybersecurity incident discussed in this Form 8-K and its scope, nature and impact on the Company’s business, operations and financial results are forward-looking statements. Words such as “believes,” “expects,” “anticipates,” “intends,” “projects,” “estimates,” and “plans” and similar expressions of future or conditional verbs such as “will,” “should,” “would,” “may,” and “could” are forward-looking in nature and not historical facts. Factors that could cause actual results to differ from those expressed in these forward-looking statements include, but are not limited to, the outcome of the Company’s ongoing assessment of the incident and its ability to address the impact of this incident; legal, regulatory, reputational and financial risks resulting from this incident or additional incidents; and other important factors set forth under “Part 1, Item 1A. Risk Factors,” in the Company’s Annual Report on Form 10-K for the fiscal year ended December 31, 2024, filed with the Securities and Exchange Commission (the “SEC”) on March 3, 2025, as any such factors may be updated from time to time in the Company’s subsequent filings with the SEC. Unless required by law, the Company expressly disclaims any obligation to update publicly any forward-looking statements, whether as result of new information, future events or otherwise.
SIGNATURES
Pursuant to the requirements of the Exchange Act, the Registrant has duly caused this report to be signed on its behalf by the undersigned hereunto duly authorized.
| EVERTEC, Inc. | ||||||||
| (Registrant) | ||||||||
| Date: September 2, 2025 | By: | /s/ Joaquín A. Castrillo-Salgado | ||||||
| Joaquín A. Castrillo-Salgado | ||||||||
| Chief Financial Officer | ||||||||