CU Files Lawsuit Against TruStage Over Ongoing Cybersecurity Incident; Seeking Class Action Status

GREENVILLE, Penn. — Bessemer System Federal Credit Union has filed a class action lawsuit in federal court against TruStage Financial Group that alleges that TruStage failed to implement and maintain adequate, industry-standard cybersecurity safeguards, culminating in the cybersecurity incident TruStage disclosed on July 15, 2026.

As the CU Daily reported here, TruStage said it took steps to shut down portions of its network while it investigates what the company described as a cybersecurity incident, emphasizing that the move was taken out of caution as it works to determine the scope of the event.

In a statement, the company said it voluntarily took its network offline after identifying suspicious activity, adding that it immediately activated its incident response protocols and is working with third-party cybersecurity specialists to investigate the matter. The company’s systems continue to be down as noted on its website. 

According to the complaint, unauthorized third parties are believed to have accessed TruStage’s systems, and the resulting shutdown has disrupted services that credit unions depend on daily. The complaint alleges that normal business operations with TruStage have come to a halt.

Charles Nerko of NERKO PLLC, an attorney to the credit union and the proposed class, the lawsuit, brought on behalf of a proposed nationwide class of credit unions and individuals affected by the breach, seeks damages, recovery of payments made for allegedly deficient services, reimbursement of breach-related expenses, and declaratory and equitable relief.

‘Most Powerful Tool’

“Protecting members is at the heart of everything a credit union does,” Bessemer System FCU CEO Joy Peterson said in a statement. “Pursuing a legal claim is the most powerful tool a credit union has to protect its members and obtain compensation from culpable third-party vendors.”

Charles Nerko

“The credit union movement is about member advocacy, and this case is about advocacy for the entire movement,” added Nerko in a statement. “Bessemer has stood up for credit unions before, bringing precedent-setting litigation against Fiserv, and it is an honor to represent the credit union again in another David v. Goliath battle. Every credit union is entitled to vendors whose security practices match their security promises. When a vendor’s performance causes harm, credit unions deserve compensation.” 

As the CU Daily reported earlier, NERKO PLLC, one of the firms representing Bessemer, is a law firm founded to advocate for credit unions in vendor disputes. The firm offers a Third-Party Advantage® program it said helps credit unions respond and recover when vendors cause information security failures and other operational problems.

Nerko said the complaint contrasts the cybersecurity events outlined above with TruStage’s “security representations, including its privacy policy and the 2025 security practices materials in its due diligence center for credit unions, which represent that the company protects corporate information through administrative, physical, and technical safeguards.”

CU’s Prior Litigation

Bessemer System FCU previously brought a widely reported data security lawsuit against Fiserv in the U.S. District Court for the Western District of Pennsylvania that resulted in a confidential settlement in 2024. Later that year, the credit union issued a special dividend of $100 to each member of the credit union.

Nerko PLLC has since brought similar suits against Fiserv that also allege cybersecurity weaknesses at the company. 

In addition to Nerko, the credit union and the proposed class are also represented by Lori G. Feldman of Hecht Partners LLP, and Kara A. Elgersma of Wexler Boley & Elgersma LLP.

The case is Bessemer System Federal Credit Union v. TruStage Financial Group, Inc., pending in the U.S. District Court for the Western District of Wisconsin.

The CU Daily has reached out to TruStage for comment and will update this reporting when comment is received.

Facebook
Twitter
LinkedIn

3 Responses

  1. This CU is $47MM and spends their time doing class action lawsuits? Must be a quick attempt at non-interest income

    1. This $47MM credit union, which is anything other than anonymous, spends their time protecting their members’ information.  We put our money where our mouth is.  Litigation is never a “quick” attempt at anything.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.