Class Action Lawsuit Alleges Visa Subsidiary Violated Privacy And Data Protections Of Venmo, Stripe, Square’s Cash App, Robinhood & More

A new class action alleges that Plaid, which Visa recently bought for over $5 billion, had unparalleled access to the financial information of millions of users. Class Action Lawsuit Alleges Visa Subsidiary Violated Privacy And Data Protections Of Venmo, Stripe, Square’s Cash App, Robinhood & More

June 25, a new class action was filed in California against fintech startup Plaid, which was acquired by Visa for $5.3 billion earlier this year. The plaintiffs allege that Plaid violated privacy and data protections by accumulating and monetizing financial transactions of millions of users.

The complaint alleges that the company accumulated this data by “data plumbing” popular services like Venmo, Stripe, Square’s Cash App and Robinhood. It purports that Plaid knew:

“Every dollar you deposit or withdraw, every dollar you charge or pay to your credit card, and every dollar you put away for retirement, within hours after you make the transaction. Imagine this includes every book or movie ticket or meal you purchase, every bill you pay to a doctor or hospital, and every payment you make (or miss) on your mortgage, student loan or credit card bill.”

Updated: 7-2-2020

Coinbase’s “Data Plumber” Denies All Allegations

Coinbase’s “data plumber” denies storing users’ login credentials in plain text, and all the other allegations in a new class action complaint.

A source close to Plaid, the company that serves as a “data plumber” to Coinbase, Robin Hood, Square’s Cash App and many others, denied all allegations of the class action complaint that was recently filed.

The entire complaint hinges on the allegation that Plaid sells user data to the “highest bidder”. A Plaid spokesperson called this allegation “baseless”.

A Money-Making Operation?

A source close to Plaid’s legal team, speaking to Cointelegrpah on the condition of anonymity, reaffirmed that the company has never sold user data in any shape or form. They also opined that this is just a “money-making operation” for the lawyers:

“They see companies in a particular position, like getting acquired or having an investment. And that’s a big money-making operation for them.”

This statement refers to the fact that Plaid is in the process of being acquired by Visa — a deal which has not yet been finalized. This puts Plaid in a vulnerable position.

Visa did not respond to Cointelegraph’s request for comment.

PNC Bank Blocked Plaid In 2019

The complaint alleged that Plaid collects data going back five years and going forward “in perpetuity”. They also allegedly collect health-related data without storing it in compliance with the Health Insurance Portability and Accountability Act, or HIPAA.

Our source assured Cointelegraph that Plaid only stores the amount of data necessary for the services it provides. They also said that the company does not intentionally collect users’ health data.

The source also denied the allegation that Plaid stores users’ login credentials in “plain text”, making it vulnerable to hackers. On the contrary, the company takes “security very seriously”, the source said.

The complaint mentioned a case from 2019, when PNC Bank blocked Plaid. They state that the reason was that “aggregators access account numbers, many store them indefinitely, often unbeknownst to customers”. Our source declined to comment on this case.

Coinbase Relies On Plaid

Coinbase’s website confirms that the company relies on Plaid for account verification and the data is never shared with the exchange, but stays with its “data plumber”:

“For US customers, you can verify your account in just a few minutes by entering your bank credentials. You may be familiar with this process if you’ve ever verified a bank account on Paypal or similar services.

These banking credentials are never sent to Coinbase, but are shared with an integrated, trusted third-party, Plaid Technologies, Inc., to facilitate instant account verification. This service may store the provided credentials for verification purposes or use them on a per-transaction basis for fraud prevention, and to help verify a sufficient balance is available to process your transaction.”

Coinbase has not replied to our request for comment in time for publication.

As we have learned from numerous legal cases, a resolution may take some time. On the other hand, Plaid’s unfinalized acquisition places it in a vulnerable position. That may lead this case to a settlement sooner than would be otherwise expected.

The plaintiff’s legal team did not respond to Cointelgraph’s inquiry.

Class Action Lawsuit Alleges,Class Action Lawsuit Alleges,Class Action Lawsuit Alleges,Class Action Lawsuit Alleges,