Women sue Tea app after data breach spilled users’ private information
Tea Dating Advice, an app designed as a safe space for women to anonymously discuss men they’ve dated, faces mounting legal challenges after a data breach last month exposed users’ personal information and images.
On Tuesday, a U.S. magistrate in San Francisco combined five federal class-action lawsuits.
The women who filed the suits accuse Tea Dating Advice Inc., the company behind the viral app, of failing to properly safeguard their personally identifiable information after images of users’ government IDs containing their full names and addresses were leaked online. The women also allege the company failed to provide timely and accurate notice of the breach.
Founded in 2023, the Tea app says it allows users to perform criminal background checks on potential dates, enter photos from a dating app profile into a reverse image search and search dates’ phone numbers. The app also allows women to rate dates with green flags and red flags and includes men’s photos and names. As its popularity soared, the app sparked controversy and generated privacy concerns for those who were negatively reviewed.
The hack was first reported by 404 Media, which said users on the online forum 4chan claimed to have uploaded the images of women and their IDs to the site, long known for its discussion boards containing racist, extremist and misogynistic content. Tea Dating Advice did not immediately respond to requests for comment.
The app, “which marketed itself as a sanctuary where women could anonymously warn each other about dangerous men, instead became the very threat it promised to protect against,” one lawsuit, filed by a woman listed anonymously as Jane Doe, reads.
The women behind the lawsuits include a single mother from Nevada fleeing domestic violence, as well as a woman from Northern California who used the app to warn others about a man who allegedly sexually assaulted two women in her community, according to court documents. Many of the plaintiffs are listed anonymously as Jane Doe.
A third plaintiff, Griselda Reyes, says in her complaint that she now “has anxiety and increased concerns for the loss of privacy, as well as anxiety over the impact of cybercriminals accessing, using and selling” her private information.
“The nature of the application was to provide a forum, a vehicle for women to share very sensitive information about their dating lives with one another, the idea being, of course, that they could do that in a protected forum, thereby helping each other,” Scott Cole, Reyes’s attorney, told The Washington Post.
“What strikes me most about this case as being unique is just the level of trust that these women placed in Tea Dating, which, of course, was violated,” said Cole, whose law firm specializes in data-breach cases. “Those conversations now being public to the very people that they’re aimed at — the violation is astounding.”
On Tuesday, U.S. Magistrate Judge Alex G. Tse of the Northern District of California agreed to combine all five federal class-action lawsuits against Tea Dating Advice into one. The move allows plaintiffs to more easily pursue relief as a group than individually. “We want to bring all the cases together in front of one judge so we can get one set of rulings and litigate the case more effectively,” Cole said.
In a July statement, Tea said that it had detected “unauthorized access to our systems” and about 72,000 images had been exposed, including some 13,000 images of photo identification documents and selfies submitted as part of the user verification process. About 59,000 images shared in posts, direct messages and comments were also accessed, it said.
All of the stolen images had been uploaded before February 2024, when the company began using more secure data storage methods, the statement said.
—
• Frances Vinall and Tatum Hunter contributed.