Mental health startup Cerebral recently announced a data breach that exposed the sensitive information of over 3.1 million patients to Google, Meta, TikTok, and other third-party advertisers. The information included patient names, phone numbers, email addresses, birth dates, IP addresses, and insurance information, in addition to mental health self-assessment answers given on their website or app. This was all made possible through tracking pixels embedded into their websites and apps, which allowed these third parties access to users’ data without their knowledge or consent.
The tracking pixels were used by Cerebral as far back as October 2019 to measure how users interacted with ads on various platforms and track what they did afterward. These pixels are bits of code provided by Meta, TikTok, and Google that developers can embed into websites or apps to collect user activity data when someone clicks an ad from those sites. These companies then have access to this collected data, which allows them insight into the behavior of their users for marketing purposes.
The company claims it took immediate steps once it became aware of the issue, including disabling any remaining tracking pixels from its platform along with launching an investigation into what went wrong leading up to the breach occurring in the first place. It has also set up a dedicated help desk for customers who may have questions about what happened and is working hard on rebuilding customer trust going forward though no clear timeline has been put forward yet for when this will be achieved or any other specific details regarding how they plan on doing so apart from improving security protocols across all products & services offered by them moving forward.
While companies like Cerebral need tools like tracking pixels to gain more insight into user behavior & interaction with ads on various platforms & devices, they must ensure adequate security measures are taken beforehand so that private customer data isn’t compromised.
Finally, government regulation needs to be strengthened to put further pressure on companies regarding how they handle customer information – especially regarding something so sensitive, like mental health records. With stronger regulations already in place, hopefully, incidents like this will become less common, giving customers peace of mind knowing their private information is safe from prying eyes.