In a decisive move to bolster customer security, Optum Bank announced that it will no longer allow third-party financial management applications, such as Credit Karma, and data aggregators, like Plaid and Yodlee, to access account details by logging in with customers’ credentials. This change, effective as of June 21, 2024, at 8:00 p.m. CT, follows a significant data breach that affected Optum Bank’s parent company, UnitedHealth Group.

The UnitedHealth Optum cyberattack

In a recent cybersecurity incident, UnitedHealth Group, the largest U.S. health insurer and parent company of Optum Bank, fell victim to a data breach that compromised sensitive information. The attack, which occurred in April 2024, exposed the personal data of nearly 1 million customers, including names, addresses, dates of birth, and Social Security numbers.

Why Optum made the change

Optum Bank aims to reduce the risk of unauthorized access to sensitive financial information by preventing customers from sharing their login credentials with external applications. This move demonstrates Optum Bank’s commitment to safeguarding customer data and maintaining the highest privacy and security standards. While reactive, this move sets a strong precedent for other financial institutions to prioritize customer security over convenience.

What it means for customers

This change may require some adjustment for Optum Bank customers who have relied on third-party applications to manage their finances. However, it is essential to note that customers can still access their Optum Bank accounts directly through the bank’s official website and mobile app, which offer various account monitoring tools.

As the financial industry continues to grapple with the challenges of cybersecurity and data privacy, it is crucial that companies prioritize user protection above all else. The practice of forcing users to disable 2FA to accommodate budget apps and data aggregators is a clear example of why convenience should never come at the cost of security. Optum Bank’s decision to sever ties with these third-party services, combined with privacy-focused alternatives like Skwad that work from email alerts instead of bank logins, points toward a more secure future in digital finance management.

Frequently asked questions

Why did Optum Bank stop supporting data aggregators?

The change followed a ransomware attack on parent company UnitedHealth Group that exposed sensitive customer data. By blocking credential-based access for third-party apps, Optum reduces the risk of unauthorized access to customer accounts.

Can I still see my Optum Bank account activity?

Yes. You can access your accounts directly through Optum Bank’s official website and mobile app, which include account monitoring tools. What changed is that third-party apps can no longer log in with your credentials.

How do I keep budgeting if my app can no longer connect to Optum?

Use transaction email alerts. Turn them on in your Optum account and forward them to a budgeting app like Skwad, which reads each alert and logs the transaction without ever needing your bank password.