A class action by aggrieved users of various payment apps such as Venmo, Square’s Cash App, and Stripe filed a lawsuit against fintech company, Plaid. According to the lawsuit, Plaid allegedly garnered sensitive financial information without the users’ knowledge or consent.
Plaid Sold Users’ Sensitive Financial Data to Third Parties
According to the complaint filed at the U.S. District Court for the Northern District of California, the volume of financial data at the disposal of Plaid could cause the accounts of users to be compromised. Also, such accounts could serve as a prime target for identity theft and other types of criminal activity.
The fintech company helps to various mainstream payment apps such as Stripe and Venmo, and crypto exchanges like Coinbase to users’ bank accounts. In January 2020, Major payments processor, Visa, announced it was acquiring the startup for $5.3 billion.
Also, the class action complaint stated that partnership with these payment apps meant that Plaid had access to hundreds of millions of user data. The company reportedly claimed that it helped to link to 11,000 financial institutions from about “200 million distinct financial accounts.”
Through its partnership with various payments app, the fintech firm was able to gather sensitive financial information used to trace financial activities five years prior and also track transactions forever.
An excerpt from the lawsuit reads:
“After Plaid has gathered reams of a user’s sensitive personal data, Plaid aggregates the data with that of millions of other users, chops it up, and sells it to the highest bidder. These invasions of privacy are not incidental to an otherwise valid business model. Plaid’s very purpose is to invade users’ privacy for profit.”
Security Gaps in Crypto Platforms Give Hackers Unlimited Access
Additionally, the Plaintiff claimed that the gathering of consumer data was done through deceitful means, with consumers unknowingly supplying Plaid with sensitive financial details. Furthermore, the Plaintiff asked the court to order the fintech company to stop its illegal activities and surrender users’ credentials, and profits got from data accumulation.
In its defense, a spokesperson for the fintech startup said:
“Plaid does not sell and has never sold consumers’ personal information or data. Consumer data is obtained and used with consumer consent. We believe strongly that consumers should have permission-based access to and control over their financial data, and embody these principles in our practices.”
The cryptocurrency industry has also had its fair share of data breaches, with hackers exploiting security loopholes to access users’ personal information.
As reported by CryptoPotato this June, Coincheck, a Japanese crypto exchange, announced a data breach on its platform, where a third-party gained unauthorized access to emails and personal information belonging to some of Coincheck’s customers.
Also, an unknown hacker reportedly in possession of personal details belonging to customers of crypto hardware wallets, Ledger and Trezor, threatened to sell the sensitive information. Trident Crypto Fund additionally suffered a data breach, with about 266,000 passwords stolen from the platform.