Image credit: shutterstock.com/PiotrSwat

Plaid slapped with class action over hidden data sale

Claimants have accused fintech company Plaid of deceptively collecting and selling information intercepted from customers logging in to their bank accounts. 

A class-action complaint filed in San Francisco federal court on Tuesday alleged that Plaid – a technology platform that enables apps to connect with and verify users’ bank accounts – accessed and stored the account login details and financial transactions of millions of customers, in breach of federal and state anti-hacking laws and the federal Stored Communications Act.

The plaintiffs said Plaid used deceptive design to fool users into thinking they were entering their details into their secure banking site. Plaid allegedly directed users to login screens it controlled, but were fitted with branding associated with customer’s banks. Branding the conduct “spoofing”, the plaintiffs said it lulled consumers into a false sense of security, resulting in “increased customer conversion”.

In the process, users were unknowingly handing over vast amounts of transactional data, the complaint said, including information on healthcare, education, transportation, politics, dining and other habits, as well as an average of 1,750 unique locations to which the transactions were mapped. 

According to the complaint, once Plaid acquired a consumer’s login credentials, it also accessed personal information such as addresses, contacts, names of any joint account holders, authorised users, and related accounts used for minors. 

The complaint noted that in May last year, Plaid’s co-founder Zach Perret confirmed that “the scope of Plaid’s data collection had grown to encompass tens of millions of consumers”. In January, Plaid sold the vast store of financial data – collected from over 200 million accounts – to Visa for $5.3 billion.

Lead plaintiffs James Cottle and Frederick Schoeneman on behalf of class members said in the complaint that they are suing the financial services company as a result of “suffer[ing] egregious invasions of privacy” and for economic damages which include the heightened risk of identity theft and fraud. 

A Plaid spokesperson told GDR that it disputes the “baseless” allegations and plans to defend itself against the lawsuit. 

“Plaid firmly believes that consumers should have permission-based access to and control over their financial data, and embodies these principles in our practices. To be clear, Plaid does not obtain consumers’ personal information without their consent, nor does Plaid sell or rent consumers’ personal information,” it said.

Counsel to plaintiffs

Herrera Purdy

Partners Shawn Kennedy, Andrew Purdy and Brett Hembd in Newport Beach, California and Partners Nicomedes Herrera and Laura Seidl in Oakland, California

Lieff Cabraser Heimann & Bernstein

Partners Michael Sobol and Melissa Gardner in San Francisco, California and Partner Rachel Geman in New York, New York with the assistance of Madeline Gomez in Nashville, Tennessee

Burns Charest

Partner Christopher Cormier in Denver, Colorado and Partner Warren Burns with the assistance of Russell Herman in Dallas, Texas

With the assistance of C. Jacob Gower in New Orleans, Louisiana

Documents

  • Plaid Complaint

    Download document Plaid Complaint