Charles Nerko, team leader for data security litigation in Barclay Damon’s Data Security & Technology Practice Area, was interviewed by Law360 for the article “Payment Co. Faces Claims for ‘Shockingly Easy’ Data Access” (available to subscribers here) about a community credit union’s lawsuit against technology provider Fiserv Inc. accusing Fiserv of long-standing cybersecurity failures in its technology systems offered to financial institutions.
The credit union claims Fiserv’s systems are vulnerable to “shockingly easy” cyberattacks due to inadequate login protections and lack of multifactor authentication—issues Fiserv allegedly knew about but failed to fix. Instead, the credit union alleges, Fiserv prioritized profits and market expansion, locking financial institutions into long-term contracts while failing to keep pace with evolving cybersecurity threats.
According to Charles, “Vendors are often the weakest link in cybersecurity, and many organizations are reassessing how they manage cybersecurity risk within increasingly complex vendor relationships. The legal process serves a constructive role by reinforcing the importance of sound security practices and providing an accountability framework that protects confidential information.”
The lawsuit against Fiserv, filed in federal court in Connecticut, asserts claims including breach of contract, negligence, fraud, and violations of trade secret laws. The credit union is seeking damages, legal fees, the return of payments tied to the allegedly insecure platforms, and a declaratory judgment the credit union may terminate its core processing contract without an early termination fee.
The credit union is represented by Charles; Brian Rich, partner; Matthew Smith, associate; and Xun Chen, associate.
Charles has represented five credit unions in litigation against Fiserv, and he maintains a national practice helping banks and credit unions navigate disputes with their core technology providers. Beyond his litigation work, Charles is also a frequent speaker at financial institution industry conferences, sharing his insights on managing the cybersecurity risks posed by technology vendors.
Charles’s advocacy has even caught the attention of government regulators. He has been tapped to present specialized training programs on third-party vendor risk management to financial institution supervisors—a testament to his status as a sought-after thought leader and trusted advisor in this complex and rapidly evolving field.
The CUDaily has provided extensive, ongoing coverage of the case, breaking news of the initial filing of the lawsuit as well as the subsequent order granting the credit union’s motion for expedited discovery.
This case was also covered by CUInsight, , and CUToday, .