CRBC News
Culture
Society
Security
Health
Conflict
Science
Technology
Politics
Environment
Lifestyle
Economy

Arizona Sues Temu and Parent PDD Holdings, Alleging Massive Customer Data Harvesting

Arizona Attorney General Kris Mayes has sued Temu and parent PDD Holdings, accusing the companies of secretly harvesting sensitive user data and misleading shoppers about product quality. A forensic review cited in the complaint reportedly found code experts identify as malware or spyware and functionality that disguises data exfiltration. The suit raises concerns that Chinese law could compel data access and alleges intellectual property theft; prosecutors want stronger federal consumer protections and urged users to delete the app and scan devices for malware.

09:00 AM, 12/03/2025Security
Arizona Sues Temu and Parent PDD Holdings, Alleging Massive Customer Data Harvesting

Arizona Attorney General Kris Mayes announced that the state has filed suit against the Chinese online retailer Temu and its parent company, PDD Holdings Inc., alleging the companies illegally harvest large amounts of customers’ personal data and mislead shoppers about product quality.

The complaint says investigators found the Temu app collects a "shocking" volume of sensitive information without user consent — including precise GPS locations, inventories of apps installed on users' phones, and other device identifiers. Prosecutors say portions of the app's code appear designed to evade security scrutiny and that some code resembles previously banned or malicious components.

“It can detect everywhere you go, to a doctor’s office, to a public library, to a political event, to your friends' houses,” Mayes said. “So the scope of this invasion of privacy is enormous, and that’s why I consider it possibly the gravest violation of the Arizona Consumer Fraud Act that we have ever seen in Arizona.”

Arizona’s lawsuit raises national security and privacy concerns because Temu is subject to Chinese laws that can require companies to turn over data to the government. In a forensic review, Arizona investigators reported finding portions of code that experts identify as malware or spyware, functionality that can exfiltrate data while masking that activity, and "large swaths" of code carried over from the platform’s predecessor.

Mayes also alleges the company has harmed local businesses by copying intellectual property, naming brands that include the Arizona Cardinals and Arizona State University as examples. Attorneys general in Kentucky, Nebraska and Arkansas have filed similar lawsuits in recent years.

While Congress has moved on measures aimed at limiting certain Chinese tech influences and protecting intellectual property, Mayes urged stronger federal consumer protections and enforcement to address cross-border data risks and deceptive trade practices.

What investigators recommend: Mayes urged Arizonans to delete their Temu accounts, uninstall the app, and run malware scans on their devices. The suit seeks to hold Temu and PDD Holdings accountable under state consumer protection laws and to prevent further alleged data collection and intellectual property misuse.

Note: These are allegations contained in the state’s complaint. The companies involved will have the opportunity to respond in court.

Similar Articles

Trending