Truist settled a proposed class-action lawsuit last week that alleged the bank embedded trackers into its website that went on to covertly collect and sell user data to third-party advertising platforms.

California resident John Tasker sued the bank May 28 in the U.S. District Court for the Central District of California, claiming that Truist’s use of pixel trackers – website-embedded tracking mechanisms that monitor user behavior – violates the California Invasion of Privacy Act, a 1967 law prohibiting unauthorized wiretapping and eavesdropping on private communications.

The trackers, provided by companies such as Google and Meta, collect information such as internet protocol addresses, click paths and session time stamps.

“When users’ data is collected without meaningful consent and monetized, they lose control over who can access, use, or distribute their personal information,” Tasker claimed, adding that data brokers and tech firms collect information to construct detailed consumer profiles, which are then sold to third parties without the user’s awareness.

“This results in pervasive surveillance, where users are continuously tracked across multiple websites, applications and devices, often without their knowledge or ability to opt out,” Tasker alleged.

According to the lawsuit, Tasker visited Truist’s website several times and “did not consent to the installation, execution, embedding or injection” of trackers onto his device, and “did not expect their behavioral data to be disclosed or monetized.”

Details of the settlement were not available on the case docket. A spokesperson for Truist did not immediately respond to a request for comment.

A separate lawsuit, filed by Tasker against BMO on the same day as the Truist suit was filed, remains active.

A BMO spokesperson and Tasker’s attorney did not immediately respond to requests for comment.