State Sues Temu, Alleging Theft of Customer Data
- posted: Aug. 15, 2025
- Business Litigation
In fewer than three years, the Chinese-owned online shopping platform Temu has become immensely popular, with hundreds of millions of visits each month. The website is known for offering various types of products, including clothes and household goods, at a low cost. Though Temu continues to attract massive traffic, it has also drawn criticism for the quality of its products and the labor practices used by the site’s China-based suppliers, Now, the Kentucky Attorney General has taken legal action alleging that the e-commerce giant is illegally capturing and using customers’ personal information.
The lawsuit filed by Attorney General Russell Coleman accuses Temu of violating the Kentucky Consumer Protection Act (KCPA) by collecting sensitive personally-identifiable information (PII) from users without their knowledge or consent. While the complaint notes that this activity in and of itself is unlawful, it also raises concerns based on the fact that Temu, and the company that owns it, are based in China. According to the Attorney General, this means that the Chinese government has access to the data captured from online shoppers.
Temu also allegedly designed its much-downloaded app to evade detection, further compounding privacy and security harms. According to the Attorney General, such intentional obfuscation not only undermines trust but also poses significant risks to consumers who are unaware of the extent to which their information is being exploited. Both Apple and Google have temporarily suspended the Temu app from their respective online stores due to privacy concerns before restoring it.
State investigators have purportedly found that information gathered by Temu goes well beyond what is required to complete digital transactions, including WiFi network information and reports of other apps installed on users’ devices. The complaint characterizes the Temu app as a hacking mechanism. Other allegations in the complaint involve the sale of counterfeit merchandise and the misappropriation of trademarks owned by Kentucky entities.
While the Temu case is obviously high-profile, small and large companies alike that do business in Kentucky need to be aware of the rules governing data collection. The state’s Consumer Data Protection Act goes into effect at the beginning of 2026 and might require significant changes in how a company handles privacy issues and obtains consent for the collection of personal information. If you are accused of laws governing online commerce or other legal standards, don’t hesitate to retain a business litigation attorney who can assess how the law applies to your case and counter the allegations brought against you.
Hemmer Wessels McMurtry PLLC in Fort Mitchell represents companies across Kentucky in a wide range of business litigation matters. Call us at 859-344-1188 or contact us online to learn how we can help you.
State Sues Temu, Alleging Theft of Customer Data
- posted: Aug. 15, 2025
- Business Litigation
In fewer than three years, the Chinese-owned online shopping platform Temu has become immensely popular, with hundreds of millions of visits each month. The website is known for offering various types of products, including clothes and household goods, at a low cost. Though Temu continues to attract massive traffic, it has also drawn criticism for the quality of its products and the labor practices used by the site’s China-based suppliers, Now, the Kentucky Attorney General has taken legal action alleging that the e-commerce giant is illegally capturing and using customers’ personal information.
The lawsuit filed by Attorney General Russell Coleman accuses Temu of violating the Kentucky Consumer Protection Act (KCPA) by collecting sensitive personally-identifiable information (PII) from users without their knowledge or consent. While the complaint notes that this activity in and of itself is unlawful, it also raises concerns based on the fact that Temu, and the company that owns it, are based in China. According to the Attorney General, this means that the Chinese government has access to the data captured from online shoppers.
Temu also allegedly designed its much-downloaded app to evade detection, further compounding privacy and security harms. According to the Attorney General, such intentional obfuscation not only undermines trust but also poses significant risks to consumers who are unaware of the extent to which their information is being exploited. Both Apple and Google have temporarily suspended the Temu app from their respective online stores due to privacy concerns before restoring it.
State investigators have purportedly found that information gathered by Temu goes well beyond what is required to complete digital transactions, including WiFi network information and reports of other apps installed on users’ devices. The complaint characterizes the Temu app as a hacking mechanism. Other allegations in the complaint involve the sale of counterfeit merchandise and the misappropriation of trademarks owned by Kentucky entities.
While the Temu case is obviously high-profile, small and large companies alike that do business in Kentucky need to be aware of the rules governing data collection. The state’s Consumer Data Protection Act goes into effect at the beginning of 2026 and might require significant changes in how a company handles privacy issues and obtains consent for the collection of personal information. If you are accused of laws governing online commerce or other legal standards, don’t hesitate to retain a business litigation attorney who can assess how the law applies to your case and counter the allegations brought against you.
Hemmer Wessels McMurtry PLLC in Fort Mitchell represents companies across Kentucky in a wide range of business litigation matters. Call us at 859-344-1188 or contact us online to learn how we can help you.
