Venmo, Stripe, Square’s Cash App, and Coinbase are just a few of the thousands of financial services apps that use banking authentication services provided by a company called Plaid. Founded in 2013, Plaid, a financial technology company, claims to connect to more than 11,000 banking institutions worldwide, allowing them to interact with day-to-day banking, investment, and cryptocurrency apps used by millions. This has given the company an extraordinary level of access to a truly massive amount of user banking information.
A class action lawsuit filed against Plaid in early May 2020 alleges that the company used that access to illegally collect detailed private user banking data. This information was then sold to other parties. Plaid allegedly collected data going back five years, with an average of 3,700 transactions per user accessed, according to the lawsuit.
Plaid provides account authentication services for non-bank financial services apps. These include payment apps like Square’s Cash App, investment apps like Robinhood, and cryptocurrency apps like Coinbase. These apps require that users link their on-app account to a bank account, and Plaid is the portal through which that link can be created and authenticated. Plaid’s services are used by more than 2,000 apps. As a result, Plaid has access to the bank accounts of nearly 1 in 4 Americans.
This extensive access allegedly allowed Plaid to improperly access and sell the private information contained in more than 200 million accounts. Aside from any direct financial benefit Plaid obtained from selling this information, their expertise in collecting and handling financial data greatly increased their value as a company in the financial technology industry. According to industry observers, Plaid’s valuation in 2018 at $2.65 billion and Visa’s acquisition of the company in 2020 for $5.3 billion can be at least partially attributed to the mountain of individual banking data it has acquired.
Illusion Of Banking Security
Plaid became part of the bedrock of day-to-day financial activity so quietly that many Americans might have never heard of it, despite the fact that it powers so many of the financial apps we use every day.
As outlined in the complaint, when users are prompted to link their bank account when they open an account with, for example, Venmo, they are taken to a Plaid authentication screen. But users might not realize, because instead of Plaid’s logo and branding, the screen is instead designed to look like it belongs to the bank itself. So if a user was trying to connect a Bank of America account, they would be taken to a screen featuring the Bank of America logo and branding.
This practice allowed Plaid to collect the banking information of millions of people, all while staying under the radar.
Fighting For Accountability And Compensation
“Among the most valuable and sensitive of all consumer data is the personal financial information maintained in consumers’ banking and other financial accounts.” Those who have had their private financial information misused and exploited for corporate gain deserve to see Plaid held accountable and forced to change its behavior. Furthermore, Plaid should pay compensation for the damages they have caused.
Morgan & Morgan data breach lawyers are fully invested in the fight for data privacy and security for all Americans. Led by John Yanchunis, a national leader in the field of data breach lawsuits, our lawyers have achieved meaningful results and made a real difference in the everyday lives of millions.
If you have had your data improperly accessed, handled, or exposed due to the negligence of a corporation like Plaid, we’re here to help. Give us a call to get your case reviewed for free, 24/7.