Data Breach Class Action Claims Temu’s In-App Web Browser Secretly Tracks Users [UPDATE]
Last Updated on March 12, 2024
Hu v. Whaleco, Inc.
Filed: September 20, 2023 ◆§ 1:23-cv-06962
A class action claims Temu has secretly collected “massive” amounts of users’ private data by tracking their internet activity through its in-app browser.
Electronic Communications Privacy Act of 1986 New York General Business Law Computer Fraud and Abuse Act
New York
March 7, 2024 – Amended Complaint Filed for Temu Data-Tracking LAwsuit
An amended complaint for the Temu data breach lawsuit detailed on this page was filed on February 19, 2024.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 131-page revised lawsuit includes 12 additional plaintiffs and accuses Temu of violating significantly more state-specific consumer protection and privacy laws. Additionally, the case alleges that Temu secretly shares “vast quantities of private and personally identifiable user data” with its China-based parent company, PDD Holdings.
These unauthorized transfers pose a potential security risk given that PDD Holdings is bound by Chinese law requiring companies to provide the government “unobstructed access” to user data upon request, the amended filing says. According to the suit, this information could be used “to identify, profile, and track the physical and digital location and activities of United States users now and in the future.”
Temu has come under government scrutiny for these privacy concerns, causing lawmakers to propose a complete ban of the app and other platforms that are “effectively controlled” by the Chinese Communist Party, the case relays.
The amended complaint also takes issue with alleged “deficiencies” and “ambiguities” in Temu’s privacy policy, which the case says fails to adequately disclose what specific data it collects from users and where this information is sent.
ClassAction.org will continue to update this page as the Temu lawsuit progresses, including if there is a settlement, so be sure to check back often.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
A proposed class action claims Temu has secretly collected “massive” amounts of users’ private data by tracking their internet activity through its in-app browser.
Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.
The 29-page case alleges the Chinese fast fashion retailer injects hidden JavaScript code into the websites users visit whenever they click a link within the Temu app, allowing it to monitor consumers’ offsite activity and record details exposed during these interactions. This “spyware” collects all kinds of data without users’ knowledge or consent, including their names, addresses, email addresses, phone numbers, credit card or banking information, biometric data and Social Security numbers, the lawsuit contends.
According to the filing, Temu’s “clandestine tracking activities” are a violation of federal wiretap laws and unlawfully intrude upon users’ privacy. At the expense of these consumers, Temu has reaped substantial profits from its alleged “wiretapping” practice, as the data the company collects helps it develop more targeted marketing and advertising strategies, the case says.
The complaint further claims the company behind Temu, defendant Whaleco, Inc., has cut corners on cybersecurity measures in an effort to save money, leaving consumers’ private data vulnerable to unauthorized access. Per the filing, the defendant’s data security failures have enabled hackers to steal users’ information, placing them at a “serious and ongoing” risk of identity theft and financial fraud.
In fact, the suit relays, the Better Business Bureau has received an influx of complaints from consumers who say they experienced fraudulent bank account withdrawals or unauthorized credit card purchases soon after they began making purchases on Temu.
The complaint goes on to say that the shopping app contains malicious software, or malware, that is able to avoid detection by a user’s phone and send files from their device to its own servers “with little or no encryption.”
Notably, the suit says, Temu’s “heritage of malware” traces back to a separate shopping app its parent company owns, Pinduoduo. In March 2023, Google pulled Pinduoduo from its app store after finding that the Chinese-owned app contained malware that could be used to spy on users and competitors, the filing says. A majority of the engineers who developed this software were then transferred to work for Temu, the filing claims.
The lawsuit looks to represent anyone in the United States who has registered an account with Temu since July 2022.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Talcum Powder Cancer Lawsuits
Women who used Johnson & Johnson’s talcum powder and developed ovarian cancer may be able to take legal action.
Get in touch here: Talcum Powder Cancer Lawsuits
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.