Coinbase’s “data plumber” denies storing users’ login credentials in plain text, and all the other allegations in a new class action complaint.
A source close to Plaid, the company that serves as a “data plumber” to Coinbase, Robin Hood, Square’s Cash App and many others, denied all allegations of the class action complaint that was recently filed.
The entire complaint hinges on the allegation that Plaid sells user data to the “highest bidder”. A Plaid spokesperson called this allegation “baseless”.
A money-making operation?
A source close to Plaid’s legal team, speaking to Cointelegrpah on the condition of anonymity, reaffirmed that the company has never sold user data in any shape or form. They also opined that this is just a “money-making operation” for the lawyers:
“They see companies in a particular position, like getting acquired or having an investment. And that’s a big money-making operation for them.”
This statement refers to the fact that Plaid is in the process of being acquired by Visa — a deal which has not yet been finalized. This puts Plaid in a vulnerable position.
Visa did not respond to Cointelegraph’s request for comment.
PNC Bank blocked Plaid in 2019
The complaint alleged that Plaid collects data going back five years and going forward “in perpetuity”. They also allegedly collect health-related data without storing it in compliance with the Health Insurance Portability and Accountability Act, or HIPAA. Our source assured Cointelegraph that Plaid only stores the amount of data necessary for the services it provides. They also said that the company does not intentionally collect users’ health data.
The source also denied the allegation that Plaid stores users’ login credentials in “plain text”, making it vulnerable to hackers. On the contrary, the company takes “security very seriously”, the source said.
The complaint mentioned a case from 2019, when PNC Bank blocked Plaid. They state that the reason was that “aggregators access account numbers, many store them indefinitely, often unbeknownst to customers”. Our source declined to comment on this case.
Coinbase relies on Plaid
“For US customers, you can verify your account in just a few minutes by entering your bank credentials. You may be familiar with this process if you’ve ever verified a bank account on Paypal or similar services. These banking credentials are never sent to Coinbase, but are shared with an integrated, trusted third-party, Plaid Technologies, Inc., to facilitate instant account verification. This service may store the provided credentials for verification purposes or use them on a per-transaction basis for fraud prevention, and to help verify a sufficient balance is available to process your transaction.”
Coinbase has not replied to our request for comment in time for publication.
As we have learned from numerous legal cases, a resolution may take some time. On the other hand, Plaid’s unfinalized acquisition places it in a vulnerable position. That may lead this case to a settlement sooner than would be otherwise expected.
The plaintiff’s legal team did not respond to Cointelgraph’s inquiry.