SoFi data breach class action overview:
- Who: Plaintiff Joshua Cook filed a class action lawsuit against SoFi Technologies Inc.
- Why: Cook claims SoFi failed to protect consumers’ personal information from a data breach.
- Where: The SoFi data breach class action lawsuit was filed in California federal court.
A new class action lawsuit alleges SoFi Technologies, a fintech company operating as a one-stop digital bank and lending platform, failed to properly secure and safeguard customers’ personal information during a data breach in late 2025.
Plaintiff Joshua Cook claims the data breach compromised the names, dates of birth, addresses, email addresses, phone numbers, employment information and education information of at least 38,049 individuals.
Cook wants to represent a nationwide class and an Illinois subclass of individuals who had their personal information compromised in the SoFi data breach.
According to the SoFi class action lawsuit, the company failed to timely notify affected consumers about the data breach or offer adequate assurances that their personal information has been recovered or destroyed.
Cook claims SoFi failed to properly monitor or implement reasonable data security measures to protect consumers’ personal information.
Cook accuses SoFi of negligence, negligence per se, breach of contract, breach of implied contract and unjust enrichment. He also asserts claims for declaratory judgment and violations of the Illinois Consumer Fraud and Deceptive Business Practices Act.
SoFi data breach lawsuit claims company failed to comply with industry standards
Cook argues that SoFi had obligations created by contract, industry standards, common law and representations made to consumers to keep their personal information confidential and to protect it from unauthorized access and disclosure.
The SoFi class action lawsuit points to the substantial increase in cyberattacks in recent years and argues SoFi knew or should have known that its electronic records would be targeted by cybercriminals.
Cook says SoFi failed to comply with Federal Trade Commission guidelines and industry standards to protect consumers’ personal information.
The plaintiff demands a jury trial and requests an order certifying the class action lawsuit. Cook also requests injunctive and other equitable relief, including an order requiring SoFi to implement improved data security measures and purchase or provide funds for lifetime credit monitoring and identity theft insurance for the class members.
If your personal information was compromised in a data breach involving a healthcare provider or financial organization, you may have legal options.
What do you think about the allegations made in this SoFi data breach class action lawsuit? Tell us your thoughts in the comments.
The plaintiff is represented by M. Anderson Berry, Gregory Haroutunian and Brandon P. Jack of Emery Reddy P.C. and Neil P. Williams of Siri & Glimstad LLP.
The SoFi data breach class action lawsuit is Cook v. SoFi Technologies Inc., Case No. 3:26-cv-01722, in the U.S. District Court for the Northern District of California, San Francisco Division.
Don’t Miss Out!
Check out our list of Class Action Lawsuits and Class Action Settlements you may qualify to join!
Read About More Class Action Lawsuits & Class Action Settlements:
- Amazon class action dismissed after judge finds plaintiffs failed to state valid CPA claim
- Boston Red Sox class action alleges team used ‘drip pricing’ for tickets
- Ford recalls 48,000 vehicles due to valve failure concerns
- Dollar Tree class action claims retailer printed too many credit card digits on receipts
