Digital Blind Spots Leave FinTech Firms Exposed as Cyber Litigation Explodes

Highlights

Data privacy lawsuits have surged dramatically — from 400 in 2021 to over 2,000 last year — driven by legal innovation, aggressive use of outdated laws, and companies’ lack of awareness about the tracking technologies on their own websites.

Many FinTech firms face significant compliance gaps due to poor coordination between legal and marketing teams, overreliance on third-party vendors, and a lack of visibility into the technologies those vendors deploy — exposing them to frequent and costly legal action.

With fragmented U.S. data regulations and looming risks from AI and open banking, FinTech leaders must adopt a hybrid mindset — part legal strategist, part technologist — to proactively manage third-party risks and anticipate evolving compliance demands.

The internet may have rewritten data rights, but courts are starting to catch up.

    The lawsuits of the future are already being drafted today, and in today’s age of digital rights, that means that FinTech leaders must become part compliance strategist, part technologist, and part futurist.

    “In 2021, there were 400 data breach lawsuits filed,” Philip Yannella, co-chair of the privacy, security and data protection practice at Blank Rome and the author of “Cyber Litigation: Data Breach, Data Privacy & Digital Rights,” 2025 edition, told PYMNTS. “Last year, there were over 2,000.”

    While some suits settle for $15,000 to $25,000, larger class-action cases can climb into the millions.

    Yannella’s own book focuses on what he terms digital rights: a legal ecosystem that has emerged from the collection, storage, sharing and protection of personal information online.

    Litigation, he explained, is “absolutely booming,” spurred by a combination of legal creativity, technological opacity, and, in many cases, opportunism.

    And as the line between legal compliance and technical innovation blurs, this surge in litigation is no longer a fringe issue; it is fundamentally reshaping how FinTechs, digital marketers, and even mainstream banks approach business.

    Digital Blind Spots

    “What plaintiffs’ lawyers have done in the privacy space in particular is weaponize older statutes,” Yannella explained. “Wiretap lawsuits are a great example. … They’ve used the California Invasion of Privacy Act and the Federal Wiretap Act to go after companies.”

    The tactics are strategic. Plaintiffs’ lawyers scan corporate websites with automated tools, uncovering uses of third-party tech — especially from companies like Google, Meta and TikTok — that might breach wiretap or privacy statutes.

    But these aren’t lawsuits over phone taps. They’re about tracking pixels, session replay tools, and beacons. Common web technologies many companies don’t even realize they’re using.

    “A lot of clients don’t necessarily know what technologies are running on their websites,” Yannella said. “As a result, they get hit with these demand letters or lawsuits, and they’re completely unaware.”

    Perhaps the most troubling revelation for FinTech leaders is how many compliance failures start at home. For FinTechs, many of which are data-native by design, this can be more than a PR headache. It’s a structural vulnerability. In some cases, companies are outsourcing digital marketing efforts to third-party vendors, leaving them blind to the technologies being deployed under their own brand.

    “There’s often a gap between legal and marketing,” Yannella said. “One doesn’t know what the other is doing. … You could get hit by one plaintiff’s firm, settle, and then another comes knocking the next week.”

    Asked about the biggest threat facing financial services over the next three years, Yannella doesn’t hesitate.

    “Data breaches are always the biggest danger, particularly for financial institutions,” he said. And artificial intelligence (AI) only raises the stakes. “We’re going to go through a period where we see more breaches — potentially more expensive breaches — until companies can get their arms around how to deal with these AI threats.”

    Open Banking, Regulation Fog

    FinTech, by its nature, sits at the intersection of innovation and regulation. But the space between those two poles is narrowing. And while consumer-facing risks grab headlines, it’s the B2B data breach litigation that Yannella sees escalating behind the scenes. Vendor access has become a major attack vector.

    “If you’re a bank, you’ve got to worry quite a bit about your vendors,” Yannella explained. “That’s going to be a problem — and I think it’s going to grow.”

    This echoes broader concerns about third-party risk. Whether it’s a marketing firm implementing trackers or a payroll processor with weak cybersecurity, FinTechs and banks alike are only as secure as their most vulnerable partner.

    With no unified national standard in the U.S., FinTechs are forced to navigate a fragmented regulatory environment. Adding to the complexity, some states that previously offered broad exemptions for financial institutions are now pulling back.

    “It’s a mess in the U.S. You have the uncertainty with the Trump administration. No one really knows what’s going to happen with the CFPB,” Yannella said.

    Even as FinTechs navigate old statutes, they’re also contending with the fluidity of future regulation. Nowhere is this more evident than in the conversation around open banking. While the current regulatory picture remains murky, Yannella believes there’s money to be made for companies that can turn open banking into a business advantage.

    “I don’t think open banking is going to go away,” he explained, despite uncertainty surrounding the CFPB’s rewrite of Rule 1033. “Smart FinTechs are thinking about how to put some of these open banking concepts into practice … still, maybe the CFPB will redo it. We will see.”

    Ultimately, as digital rights evolve at lightning speed, executives need more than a vision board and a hoodie. They need legal foresight.