Close Close

Practice Management > Building Your Business

Envestnet, Yodlee Sued Over Consumer Data Collection

Your article was successfully shared with the contacts you provided.
A judge's gavel over money (Image: Shutterstock)

Envestnet and its Yodlee software subsidiary have been sued over the way Yodlee collects, uses and secures consumer data.

In a class action suit filed Aug. 25 in U.S. District Court for the Northern District of California, plaintiff Deborah Wesch of New Jersey says she and other consumers have been put at risk by the companies because they have not been adequately protecting consumer data and have failed to put in place sufficient security protocols in the U.S.

Many U.S. consumers also don’t often even know they are providing their personal data to the firms because Yodlee “surreptitiously collects such data from software products that it markets and sells to some of the largest financial institutions in the country,” including Bank of America, Citibank and Merrill Lynch, as well as digital payment platforms including PayPal, Wesch alleged in the complaint.

“Yodlee, in turn, acquires financial data about each individual that interacts with the software installed on its customers’ systems,” but those individuals “often have no idea they are dealing with Yodlee,” according to the complaint.

Envestnet on Wednesday denied the accuracy of the claims. “We believe the claims filed are baseless and intend to vigorously defend ourselves,” an Envestnet | Yodlee spokesperson told ThinkAdvisor by email.

“As a matter of policy, neither Envestnet nor Yodlee comments on pending litigation. However, we adhere to leading industry practices for data security and privacy and adhere to applicable laws and industry guidance regarding the use of consumer data,” the spokesperson added.

More Details

Wesch “connected her PNC Bank account to PayPal using a Yodlee-powered portal in order to facilitate transfers among those accounts,” she said in the complaint, adding: “At no time was it disclosed by PayPal, Yodlee, or PNC Bank that the Defendants would continuously access Plaintiff’s bank account to extract and sell data without her consent.”

That was “especially troubling as reports have revealed that Defendants are mishandling the data they collected from individuals without authorization by distributing it in unencrypted plain text files,” the complaint alleged, adding: “These files, which can be read by anyone who acquires them, contain highly sensitive information that make it possible to identify the individuals involved in each transaction.”

The “failure” of Yodlee to “take even the most basic steps to protect this highly sensitive data (e.g., requiring a password to open such files) has placed Plaintiff and all Class members at significant risk of fraud and identity theft,” according to the complaint. The risk to consumers was “especially heightened given Yodlee’s practice of reselling the data it collects — without authorization — to third parties,” the plaintiff alleged.

Separate Dispute

Envestnet, meanwhile, suffered a setback in its legal dispute with FinancialApps as the latter firm defeated Envestnet’s motion to dismiss the suit filed against Envestnet and Yodlee last year that accused them of misappropriating FinancialApps’ proprietary software platform.

On Aug. 25, Judge Colm F. Connolly of U.S. District Court for the District of Delaware, adopting the July 6 recommendation of Magistrate Judge Christopher J. Burke, ruled in a memorandum order that the case could proceed.

FinancialApps is seeking over $100 million in damages, claiming Envestnet and Yodlee were guilty of trade secret misappropriation, fraud and breach of contract. The case can now proceed to discovery, FinancialApps said.

Commenting after Judge Connolly’s decision, the Envestnet | Yodlee spokesperson told ThinkAdvisor: “Notwithstanding the plaintiff-friendly standard on a motion to dismiss whereby the Court must accept all of FinancialApps’s allegations as true, the Court ruled in favor of Envestnet and Yodlee and actually dismissed two counts, including claims alleging copyright infringement and violations of the Illinois Deceptive Trade Practices Act.”

The spokesperson added: “The claims filed by FinancialApps are baseless and we are vigorously defending ourselves. We hold ourselves to the highest ethical standards with regard to business dealings with customers, partners, and employees, particularly with respect to intellectual property rights.”

— Related on ThinkAdvisor: