The news: North Carolina-based Self-Help Credit Union is suing Fiserv for alleged lax security practices related to how Fiserv accessed its secure data. Self-Help seeks compensation for fees that it says it paid to enhance security.

Why it’s worth watching: Fiserv has been sued before for allegedly deficient cybersecurity practices. In June, Connecticut’s Cencap FCU filed a lawsuit claiming that an online banking platform and client support portal lacked basic security features. It also challenged an early-termination fee Fiserv assessed after the credit union ended the contract. Other lawsuits were filed in 2019 and 2022 against Fiserv over alleged security issues.

Zoom out: It’s a tumultuous time for Fiserv. New CEO Mike Lyons has been cleaning house since his appointment in May: Fiserv reported catastrophic earnings for Q3, when it missed market estimates, cut its guidance for the year, fired its CFO, and replaced its board chair and audit committee head. Fiserv’s stock dropped 27% as a result and hasn’t regained much ground. Industry consensus was that management gave no plausible explanation for the performance.

Our take: Fiserv’s problems with customer satisfaction are widely known, and its size and industry status make it a magnet for lawsuits. But financial institutions (FIs) are ultimately responsible to customers and regulators for their vendors’ actions, and it’s a huge compliance problem when one doesn’t follow through.

Small FIs are known to struggle with technology talent and budgets, so they depend heavily on partners to meet their obligations. That makes FI oversight of their vendors even more essential.