Envestnet hit with data security lawsuit

Technology giant Envestnet and its subsidiary, financial data aggregator Yodlee, have been slapped with a proposed class action lawsuit alleging the TAMP fails to safeguard consumer data, putting consumers at risk of fraud and identity theft. 

The claims against Envestnet Yodlee include the alleged mishandling of data collected from individuals without authorization and distributing it in unencrypted plain text files that can be accessed by anyone, according to the Aug. 25 complaint filed in the U.S. District Court for the Northern District of California. 

Further, the complaint alleges Yodlee’s distribution of client data caused economic loss that exceeds $5,000 per year for each individual impacted. 

“We believe the claims filed are baseless and intend to vigorously defend ourselves,” said a spokesperson on behalf of Envestnet Yodlee. “As a matter of policy, neither Envestnet nor Yodlee comments on pending litigation. However, we adhere to leading industry practices for data security and privacy and adhere to applicable laws and industry guidance regarding the use of consumer data.” 

[More: Envestnet denied motion to dismiss claims in $100 million lawsuit]

The class action complaint was brought by New Jersey-based resident Deborah Wesch, who claims she connected her PNC Bank account to PayPal using a Yodlee powered portal in order to facilitate transfers among those accounts. “At no time was it disclosed by PayPal, Yodlee, or PNC Bank that the Defendants would continuously access Plaintiff’s bank account to extract and sell data without her consent,” according to the filing. 

The 47-page complaint highlights several other instances where Envestnet Yodlee’s consumer data security has come into question, including when three members of Congress wrote a letter demanding the Federal Trade Commission investigate Envestnet Yodlee to determine if the way the data aggregation firm sells consumers’ personal financial data is breaking the law.

The lawmakers’ concern is that Envestnet is not doing enough to notify consumers that their data is being sold to third parties, even if it is anonymized. This could be in violation of the FTC Act’s prohibitions against unfair and deceptive practices.

Yodlee’s size also added fuel to the fire, according to the complaint. The TAMP is able to deliver data from more than 21,000 financial institutions, lawmakers wrote in the letter.

The tech provider, too, is arguably the largest aggregator of consumer financial data in the country as large banks, brokerages, independent advisers and financial technology startups rely on Yodlee to access, collect and analyze information from various financial accounts. It was acquired by Envestnet in 2015 for $660 million.

According to Envestnet’s Form 10-K, in February 2020, the FTC issued a civil investigative demand to Envestnet for various documents related to this matter. “These claims or liabilities could subject us to unexpected costs and have a material adverse effect on our results of operations, financial condition or business,” the firm noted in the SEC filing. 

Envestnet has risen to become one of the largest TAMPs in large part because of its acquisition of data aggregator Yodlee. Other major acquisitions — including Tamarac and MoneyGuidePro — have been at the center of Envestnet’s expansive growth over the past decade.

The post Envestnet hit with data security lawsuit appeared first on InvestmentNews.

You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *