Many online banking, stock trading, crypto, and fintech apps use the Plaid service to provide easy funding via your existing bank accounts. The price of this convenience is that you are providing some very sensitive data to a small, private company. They have your bank login information and can see all your transaction data. (Visa was in an agreement to acquire Plaid for over $5 billion, but it was cancelled to due antitrust concerns.) A recent Plaid class action lawsuit alleges the following improper actions:
The allegations include that Plaid: (1) obtained more financial data than was needed by a user’s app, and (2) obtained log-in credentials (username and password) through its user interface, known as “Plaid Link,” which had the look and feel of the user’s own bank account login screen, when users were actually providing their login credentials directly to Plaid. Plaid denies these allegations and any wrongdoing and maintains that it adequately disclosed and maintained transparency about its practices to consumers.
(You may have gotten an e-mail about this as early as mid-January. Thanks to those who sent it in as well. I still managed to forget about it until writing a post about firewall bank accounts to avoid such data privacy concerns.)
If you connected your financial account(s) to a mobile or web-based app that has used Plaid between January 1, 2013 and November 19, 2021 in the United States, you may be eligible for a payment from this class action Settlement. This might include Venmo, Robinhood, Chime, SoFi, Coinbase, OnJuno, Lili, M1 Finance, or Blockfi just off the top of my head. I don’t have any special insights about the merits of this lawsuit, but the proposed settlement amount is for $58 million with the payout per claim being unknown. The settlement also requires Plaid to:
- Delete certain data from Plaid systems;
- Inform Class Members of their ability to use Plaid Portal to manage the connections made between their financial accounts and chosen applications using Plaid and delete data stored in Plaid’s systems;
- Continue to include certain disclosures and features in Plaid’s standard Link flow;
- Enhance disclosures about Plaid’s data collection practices, how Plaid uses data, and privacy controls Plaid has made available to uses in Plaid’s End User Privacy Policy;
- Minimize the data that Plaid stores; and
- Continue to host a dedicated webpage with detailed information about Plaid’s security practices.
The deadline to submit a claim is April 28, 2022.
Thank you, Jonathan,
Looking over the requirements are somewhat stiff. They expect us to keep the records even approximate on such details, remotely related to keeping receipts for tax filing purposes.
They are asking for all this data…
Name of Financial Institution (such as Bank or Credit Union) where you Own/Owned Financial Account(s) Name of App or Service You Connected to Your Financial Account(s)
Approximate Date (Month/Year) of Connection to your Financial Account(s)
I have no ideas what banks I connected and when.
You just need to list one financial institution that uses Plaid, and the approximate date is asked because it needs to be within the eligible dates. You don’t need to list all of them. Doesn’t seem too bad to me.