World-famous VPN company embroiled in class-action lawsuit

A class-action lawsuit has been filed against NordVPN, with the provider's practices around automatic subscription renewals brought into question.

NordVPN is not the only provider to adopt these tactics – many of the best VPNs do, and indeed it's part and parcel of most subscription service industries – but the lawsuit claims that NordVPN's are "illegal" and "deceptive".

The claim names Nordvpn S.A, Tefincom SA, and Nordsec B.V. as the defendants, and Lanzy Kandeh as the plaintiff.

It was first filed on March 28 in the U.S. District Court for the Southern District of New York, with violations of state consumer laws alleged.

Subscriptions are difficult to cancel

It is alleged that Nord Security doesn't adequately warn customers that their subscriptions will auto-renew. The lawsuit describes this practice as a "negative option" feature.

The Consumer Financial Protection Bureau (CFPB) says this is a "condition under which a seller may interpret a consumer's silence, failure to take an affirmative action to reject a product or service, or failure to cancel an agreement as acceptance or continued acceptance of the offer."

Put simply, unless you cancel your NordVPN subscription, the provider will assume you want it to continue and automatically renew your subscription – at an inflated price.

The lawsuit claims these are "deceptive and unlawful subscription practices" and argues they are "designed to entrap consumers".

Lanzy Kandeh claims he didn't know his NordVPN subscription would renew automatically. He said he was "charged $119.08 for another year of that subscription that he did not want".

According to the claim, Nord Security is said to mislead users in the following six ways:

• The subscription process, and what the customer is signing up for, isn't clearly explained.
• The post-purchase receipt doesn't include information on auto-renewal and how to cancel.
• Renewal charges are taken 14 days before the subscription ends – it's argued this is "well before any reasonable consumer would expect such a subscription to renew".
• Canceling a subscription is "exceedingly difficult".
• Sufficient notice of subscription renewal is not provided.
• "Material changes" to renewal terms are not clearly disclosed.

As well as himself, Kandeh is looking to represent any New Yorker affected by auto-renewals and is seeking damages of $50 million.

Kandeh reported that he subscribed to a two-year NordVPN plan in December 2023 and then a one-year subscription to Incogni data removal service – which is owned by Nord Security.

He said that Nord Security "deceived" him into believing the Incogni subscription would cease after one year. But the plan auto-renewed and Kandeh said he couldn't work out how to cancel his NordVPN and Incogni subscriptions.

A refund was obtained via PayPal, but Kandeh said he "did not authorize or want his Nord Subscriptions to renew".

Previous cases

A similar case was brought against NordVPN in 2024 and was filed in a Colorado federal court. Again, "deceptive" auto-renewal tactics were the subject of the lawsuit.

It's not just NordVPN that has faced these accusations. In 2022, an investigation was opened against Proton VPN. Its auto-renewal tactics were described as "potentially fraudulent."

Tom's Guide reached out to NordVPN regarding the lawsuit. A NordVPN spokesperson said: "Nord Security continuously strives to provide an excellent customer experience and complies with legal requirements."

"We have responded to the lawsuits but cannot comment on the specific allegations at this time, other than to state that we are and always have been very clear about the recurring nature of our services."