Greenville, PA (July 17, 2026) |
A Pennsylvania credit union has filed a class action lawsuit in federal court against TruStage Financial Group, Inc. after a cyberattack forced the Madison, Wisconsin-based company to shut down its systems this week.
TruStage provides insurance and financial services to credit unions across the country — and, through them, to millions of American consumers. The lawsuit, filed by Bessemer System Federal Credit Union, alleges that TruStage failed to implement and maintain adequate, industry-standard cybersecurity safeguards, culminating in the cybersecurity incident TruStage disclosed on July 15, 2026.
According to the complaint, unauthorized third parties are believed to have accessed TruStage’s systems, and the resulting shutdown has disrupted services that credit unions depend on daily. The complaint alleges that normal business operations with TruStage have come to a halt.
The lawsuit is brought on behalf of a proposed nationwide class of credit unions and individuals affected by the breach. It seeks damages, recovery of payments made for allegedly deficient services, reimbursement of breach-related expenses, and declaratory and equitable relief.
“Protecting members is at the heart of everything a credit union does,” said Joy Peterson, Chief Executive Officer of Bessemer System Federal Credit Union. “Pursuing a legal claim is the most powerful tool a credit union has to protect its members and obtain compensation from culpable third-party vendors.”
“The credit union movement is about member advocacy, and this case is about advocacy for the entire movement,” said Charles Nerko of NERKO PLLC, an attorney to the credit union and the proposed class. “Every credit union is entitled to vendors whose security practices match their security promises. When a vendor’s performance causes harm, credit unions deserve compensation.”
In a July 15, 2026 public statement, TruStage acknowledged that it “recently identified a cybersecurity incident affecting its environment and immediately activated its incident response and recovery protocols,” and said it “has engaged external cybersecurity experts to support containment, remediation and recovery efforts.” A notice on the company’s website states: “Our systems are down as we are investigating a recent cybersecurity incident.” News reports indicate TruStage took its network offline after detecting suspicious activity and told customers they may have difficulty accessing account information, completing transactions, or submitting requests online.
The complaint contrasts these events with TruStage’s own security assurances — including its privacy policy and 2025 security materials provided to credit union clients — which state that the company protects information through administrative, physical, and technical safeguards.
Bessemer System Federal Credit Union was founded by employees of the Bessemer and Lake Erie Railroad in Greenville, Pennsylvania, where it remains headquartered, and expanded to serve the broader community in 2005.
The credit union and the proposed class are represented by Charles Nerko of NERKO PLLC, a law firm founded to advocate for credit unions in vendor disputes through its Third-Party Advantage® program; Lori G. Feldman of Hecht Partners LLP; and Kara A. Elgersma of Wexler Boley & Elgersma LLP.
The case is Bessemer System Federal Credit Union v. TruStage Financial Group, Inc., pending in the U.S. District Court for the Western District of Wisconsin.