• FiCare Federal Credit Union sued Fiserv over alleged cybersecurity failures
• Hackers reportedly took over customer accounts and stole hundreds of thousands
• FiCare says it reimbursed members but was not repaid by Fiserv
• The lawsuit alleges missing controls such as multifactor authentication
• Fiserv denies the claims and says it will defend itself
• The case adds to wider legal and investor pressure on the company

A Florida-based credit union has launched legal action against Fiserv, alleging the payments processing giant failed to provide adequate cybersecurity protections and then charged extra fees after hackers exploited weaknesses in its online banking platform.

FiCare Federal Credit Union, headquartered in Tampa, filed a complaint last week claiming that hackers breached an online banking system provided by Fiserv, enabling them to take control of member accounts and steal funds.

The platform at the center of the dispute, known as Virtual Branch Next, is marketed to small financial institutions as a way to offer digital banking services.

According to the complaint, attackers gained access to customer accounts beginning in 2024, resulting in hundreds of thousands of dollars in losses. FiCare said it reimbursed affected members and repeatedly alerted Fiserv to the security breaches, but the processor did not compensate the credit union for the losses incurred.

The lawsuit, filed in the U.S. District Court for the Middle District of Florida, accuses Fiserv of operating systems that lack basic security controls and exposing sensitive member information to what it describes as easy compromise.

FiCare alleges that Fiserv continued to sell and operate the platform while assuring the credit union that its systems were secure.

FiCare is seeking monetary damages, including recovery of lost funds, according to Charles Nerko, an attorney representing the credit union.

 Nerko said the case is intended not only to recover money but also to push for stronger security standards across the industry.

“Litigation can drive both accountability and compensation in a way customer service channels rarely do,” Nerko said in an emailed statement. “If Fiserv billed for security it did not deliver, its customers should be made whole.”

Fiserv rejected the allegations and said it intends to contest the claims in court. “Fiserv disagrees with the claims and will vigorously defend itself in the lawsuit,” a company spokesperson said in an emailed statement.

The complaint alleges Fiserv failed to implement protections such as biometric controls and multifactor authentication.

It also claims that in December, Fiserv informed customers it would charge additional fees for a security upgrade and required them to sign a new agreement by March to receive enhanced protection.

The lawsuit adds to a growing list of legal challenges facing Fiserv. At least one other credit union, North Carolina-based Self-Help Credit Union, has accused the company of maintaining lax online security standards.

Fiserv has also faced shareholder lawsuits alleging it misled investors about the performance of its point-of-sale business Clover.

A separate lawsuit filed this week in federal court in Wisconsin alleges Fiserv funneled merchants from another point-of-sale service to Clover to inflate revenue figures, according to Bloomberg Law.

Virtual Branch Next, the product cited in FiCare’s lawsuit, is designed to help credit unions deliver digital services such as bill payment and financial management tools. The allegations raise questions about the cybersecurity obligations of technology providers that underpin digital banking for smaller institutions.

Investor confidence in Fiserv has also been under strain. The company’s shares fell sharply in late October after earnings disappointed relative to analyst expectations and are down roughly 49 percent since October 28.

Chief executive Mike Lyons, who replaced longtime CEO Frank Bisignano last year, has acknowledged missteps but defended the company’s overall performance, particularly around the migration and growth of Clover.

The outcome of FiCare’s lawsuit could further test Fiserv’s efforts to restore trust among customers, investors, and regulators.