Mental health platform Cerebral claims to have accidentally
shared its user data with third-party advertisers including big companies like
Meta, Google, TikTok and others. The leaked data contains significant details
of Cerebral’s users, including their names, phone numbers, insurance
information, email addresses, IP addresses, birth dates, appointment dates,
treatment information, and more.
Cerebral further revealed that the accident could have possibly resulted from the tracking tools that it has been using, and more specifically the bits of code embedded in its app from the third party advertisers. These have allowed Cerebral to measure how its users engage with ads on its platform, while giving advertising platforms access to user information.
Cerebral has assured that the exposed information does not
include more sensitive information like bank account information, credit card
numbers, or social security numbers. Since the occurrence of the data exposure,
Cerebral has taken all necessary actions to prevent future incidents, as well
as enhanced its data security practices and technology vetting processes.
Cerebral is also expected to disclose potential violations
of the Health Insurance Portability and Accountability Act, under investigation
by the US Office for Civil Rights. This breach follows similar incidents
involving pixel-tracking tools. In addition to that, the platform is being
subjected to an investigation by the Department of Justice and the Drug
Enforcement Administration for prescribing controlled medication like Adderall
and Xanax.
