In August 2018, Brian Krebs investigated Fiserv's security and privacy flaws and uncovered an authentication weakness that allowed bank customers to view account data for other customers, including account number, balance, phone numbers and email addresses.
Fast forward to just a few days ago: Bessemer System Federal Credit Union sued Fiserv, saying it was moved by Krebs's findings and decided to launch its own investigation. That investigation into Fiserv’s systems uncovered a startlingly simple flaw: Fiserv’s platform would let anyone reset the online banking password for a customer just by knowing their account number and the last four digits of their Social Security number.
Read KrebsOnSecurity's deep dive into the events that led up to this lawsuit.
A Pennsylvania credit union is suing financial industry technology giant Fiserv, alleging that “baffling” security vulnerabilities in the company’s software are “wreaking havoc” on its customers. The lawsuit was prompted by a 2018 KrebsOnSecurity report about glaring security weaknesses in a Fiserv platform that exposed personal and financial details of customers across hundreds of bank Web sites. Fiserv, a Fortune 500 company with 24,000 employees and $5.8 billion in earnings last year, has account and transaction processing systems powering websites — mostly for small community banks and credit unions. In August 2018, in response to KrebsOnSecurity, Fiserv fixed a pervasive security and privacy hole in its online banking platform. The authentication weakness allowed bank customers to view account data for other customers, including account number, balance, phone numbers and email addresses. In late April 2019, Fiserv was sued by Bessemer System Federal Credit Union.