CHICAGO (CBS) – Customers seek great deals from online discount retailer Temu. However, a class-action lawsuit claims Temu is getting a lot more in return, with shoppers often unaware of the company’s data collection/sharing policies and activity.
The complaint was filed in Illinois in November by the Hagens Berman law firm on behalf of seven named plaintiffs from Illinois, California, Massachusetts, and Virginia — as well as unnamed others similarly situated.
The lawsuit alleges Temu violates its customer’s privacy rights by collecting private data and using “deceptive” and “unscrupulous” practices to access that data.
Plaintiffs’ lawyers in the lawsuit claim experts, including their independent expert, have reviewed the Temu app and found the “app is purposefully and intentionally loaded with tools to execute virulent and dangerous malware and spyware activities on user devices” and concluded, “Temu misled people about how it uses their data.”
“We believe that is intentional,” said Jeannie Evans, one of the plaintiffs’ attorneys.
In the complaint, Evans said, “We talk about how Temu requests at least 24 permissions for all kinds of information that would not be needed for an online shopping app.”
According to the complaint, those permissions include access to Bluetooth and Wi-Fi network information and biometric data like fingerprints.
A second class-action lawsuit, filed in New York state in September 2023 on behalf of plaintiff Eric Hu and others, accuses Temu of collecting customers’ private information and not keeping it secure.
Hu v. Temu et al alleges, “Defendant grossly failed to comply with security standards and allowed its customers’ financial information to be compromised, all in an effort to save money by cutting corners on security measures that could have prevented or mitigated the Breach.
That complaint notes many customers reporting to the Better Business Bureau about their credit card and bank information being sold or leaked after using those accounts on Temu.
Miguel Koenig, from Michigan, is not a member of either class-action lawsuit. But he did reach out after the CBS 2 Investigatorsa Better Business Bureau (BBB) warning about Temu in September 2023.
At the time, the BBB said that Temu, a Chinese company, was warning shoppers about customer complaints and privacy concerns. The BBB had received 900 complaints in the company’s first 14 months of operation.
Koenig says he downloaded the Temu app, created an account, and provided Temu with his bank routing information to make future purchases easier, “so you don’t have to keep putting in a debit card,” he said.
He bought several products for around $45.
Then he said he noticed something unusual. He produced the email he sent to Temu about the sudden unknown charges on his bank account.
“There were about 17 different charges … about $2,300 that went missing,” Koenig said.
He said he fought those charges with his bank.
Koenig also complained about a flood of emails from other places, not Temu, about credit offers.
“I mean, every day I get a letter saying, ‘You just got approved,’ and I never signed up for nothing,” he said.
Attorney Jeannie Evans says these are common issues.
“We’ve talked to many members of the Temu platform, and we’ve heard similar reports,” Evans said.
In the class-action lawsuit, Evans’ firm details how they believe customer issues like those happen when shoppers download the app.
Specifically, Evans mentioned, “It can gain access to your camera on your phone; to your microphone on your phone that could be collecting biometric information, face images, voice prints.”
Temu began operating in September 2022It’s part of PDD Holdings.
“We categorically deny the allegations and intend to vigorously defend ourselves against these meritless lawsuits. The complaints parrot a report put out by a short-seller, calling itself Grizzly Research, which has an obvious incentive to try to drive down Temu’s stock price through misinformation. The report even includes a disclaimer that its contents are ‘not statements of fact.’
“We do not sell customer data to third parties.”