Two online alcohol recovery companies, Monument and Tempest, were recently caught sharing sensitive data with advertisers without user consent. The data breach came to light in an internal review affecting 100,000 users, forcing both companies to make a formal disclosure to their user base. The breach began in 2017 and continued until last month’s review.
Monument acquired Tempest a few months ago, and its parent company, Monument, confirmed the data breach and sharing of personal information with advertisers through a notice filed with the California Attorney General. Data shared included patient names, dates of birth, email addresses, postal addresses, phone numbers, insurance information, and more.
Cruelly, both companies also shared data on survey responses, including booking information, rating information, and alcohol consumption data. Monument claims on its website that it cares about privacy, but the revelations have dashed those claims.
Both companies attribute the problem to a third-party tracking system, but have removed the offending tracking code from their websites. However, it does not admit that it intentionally shared the information for profit and indicates that a tracking pixel provided by a third party was the cause of the infringement.
This is just one example of how companies in the healthcare sector have a poor track record when it comes to data privacy. In another similar breach, Meta was arrested red-handed after a psychiatric company shared patient information without consent. Users are advised to be careful about data handling and read the privacy policy carefully before using online services.
Leave a Reply