PNC Bank Hit with Lawsuit Over Alleged Secret Website Tracking

Case Overview: A class action accuses PNC Bank of secretly tracking website visitors through LinkedIn’s “session replay” software without consent.

Consumers Affected: PNC Bank website visitors whose online sessions may have been recorded or transmitted to third parties.

Court: Court of Common Pleas of Allegheny County, Pennsylvania

PNC Bank faces a class lawsuit claiming it quietly monitored people as they used its website, recording each scroll, click, and keystroke without their knowledge. Filed in federal court in Pennsylvania, the complaint says The PNC Financial Services Group embedded LinkedIn’s tracking software into its site. 

The tool allegedly created detailed “session replays,” letting the bank review how visitors moved through its pages in near-real time. Each movement of the cursor, each word entered into an online form, and each button clicked could be recorded, stored, and transmitted to external servers.

Plaintiff Leslie Birdsall claims this system amounted to digital eavesdropping. Her lawsuit argues that PNC’s setup broke the Pennsylvania Wiretap Act, a law that forbids recording private electronic communication unless all parties agree. 

The complaint says no notice appeared on PNC’s site to alert users that their browsing could be observed or copied. Visitors had no reason to believe their every move might be tracked.

Plaintiff Says Bank’s Data Practices Breached Pennsylvania’s Wiretap Law

Court filings describe the tracking software as far more invasive than typical website analytics. Standard analytics tools generally collect aggregate data, such as how many visitors land on a page or how long they stay. 

The software at issue, according to Birdsall, did much more. It recorded how individual users scrolled, what they typed, and how they moved from one page to another.

That level of detail can create what’s known as a “session replay,” a full reconstruction of a user’s time on the site. Developers often market such programs as a way to improve design and identify glitches. But Birdsall says PNC went beyond that by capturing communications that should have remained private. 

The complaint accuses the bank of “knowingly and intentionally” using LinkedIn’s software to watch how customers behaved online, then analyzing that data to refine marketing and operations.

Complaint Describes “Session Replay” Recordings As Digital Eavesdropping

Session replay tools have become increasingly common in industries that depend on digital interaction. Retailers use them to study how customers browse products. Healthcare providers apply them to monitor patient portal activity. Banks rely on them to test new web features and understand how users complete forms.

These tools can reveal what catches a visitor’s attention or where they get stuck, but they also raise privacy concerns. Because they can capture everything from cursor trails to text typed into unsubmitted fields, critics say they resemble a form of surveillance rather than a simple diagnostic tool.

In several states, consumers have brought lawsuits making similar claims. Plaintiffs argue that companies collecting such data are effectively intercepting communications that should be treated as private, even if the information never leaves a website’s interface. 

Birdsall’s case fits within that growing field of litigation and calls for higher privacy standards in the financial sector, where the information involved is often sensitive.

PNC’s Broader Compliance Practices Come Under New Scrutiny

The lawsuit arrives at a time when PNC’s business practices are already under examination. 

Earlier this year, the bank faced a separate class action lawsuit in New Jersey brought by mortgage loan officers who said they were denied overtime pay. That dispute focused on wage law rather than digital monitoring, but it placed another spotlight on PNC’s compliance practices.

Together, the cases suggest an institution balancing innovation with risk management. As banks push further into digital services, they collect more behavioral data from customers. The question now facing PNC is whether its data collection crossed into territory that state law considers private communication.

Birdsall’s filing argues that customers expect their financial interactions to remain confidential. Visiting a bank’s website, she says, should feel as secure as walking into a branch office. Recording and replaying that experience, even for analytics purposes, undermines that sense of trust.

She is asking the court to order PNC to remove LinkedIn’s tracking software and delete all information gathered through it. It also seeks damages, restitution, and attorney fees.

Case Details

• Lawsuit: Birdsall v. The PNC Financial Services Group Inc.
• Case Number: GD-25-009654
• Court: Court of Common Pleas of Allegheny County, Pennsylvania

Plaintiffs' Attorney:

• Nicholas A. Colella (Lynch Carpenter LLP)

Have you used PNC Bank’s website recently? Would you be concerned if your browsing activity was recorded? Share your perspective in the comments below.