Security News > 2024 > April > Cerebral to pay $7 million settlement in Facebook pixel data leak case

Cerebral to pay $7 million settlement in Facebook pixel data leak case
2024-04-16 21:37

The U.S. Federal Trade Commission has reached a settlement with telehealth firm Cerebral in which the company will pay $7,000,000 over allegations of mishandling people's sensitive health data.

In March 2023, the company sent out notices of data breach to 3.2 million people who had interacted with its websites, applications, and services, that their information had been exposed due to using tracking pixels on its platform.

"These tracking tools collect and send data to third parties so they can provide advertising, data analytics, or other services to the owner of the websites or apps."

FTC's announcement also lists some alleged bad practices followed by Cerebral that resulted in varying levels of exposure of sensitive health data for consumers, including failure to revoke access of former employees to Cerebral patient records and failure to silo providers and restrict their access only to their patient's records.

Prohibit Cerebral from misrepresenting its data security and privacy practices.

Implement a data retention schedule, delete unnecessary consumer data unless consented to be retained, and provide a clear data deletion request mechanism.


News URL

https://www.bleepingcomputer.com/news/security/cerebral-to-pay-7-million-settlement-in-facebook-pixel-data-leak-case/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Facebook 29 0 11 46 54 111