Security News > 2024 > April > Cerebral to pay $7 million settlement in Facebook pixel data leak case
The U.S. Federal Trade Commission has reached a settlement with telehealth firm Cerebral in which the company will pay $7,000,000 over allegations of mishandling people's sensitive health data.
In March 2023, the company sent out notices of data breach to 3.2 million people who had interacted with its websites, applications, and services, that their information had been exposed due to using tracking pixels on its platform.
"These tracking tools collect and send data to third parties so they can provide advertising, data analytics, or other services to the owner of the websites or apps."
FTC's announcement also lists some alleged bad practices followed by Cerebral that resulted in varying levels of exposure of sensitive health data for consumers, including failure to revoke access of former employees to Cerebral patient records and failure to silo providers and restrict their access only to their patient's records.
Prohibit Cerebral from misrepresenting its data security and privacy practices.
Implement a data retention schedule, delete unnecessary consumer data unless consented to be retained, and provide a clear data deletion request mechanism.
News URL
Related news
- 5 Actionable Steps to Prevent GenAI Data Leaks Without Fully Blocking AI Usage (source)
- Pokemon dev Game Freak confirms breach after stolen data leaks online (source)
- Troubled US insurance giant hit by extortion after data leak (source)
- Interbank confirms data breach following failed extortion, data leak (source)
- Ford investgates alleged breach following customer data leak (source)
- Ford investigates alleged breach following customer data leak (source)