Mental health platform Cerebral claims to have accidentally shared its user data with third-party advertisers including big companies like Meta, Google, TikTok and others. The leaked data contains significant details of Cerebral’s users, including their names, phone numbers, insurance information, email addresses, IP addresses, birth dates, appointment dates, treatment information, and more.
Cerebral further revealed that the accident could have possibly resulted from the tracking tools that it has been using, and more specifically the bits of code embedded in its app from the third party advertisers. These have allowed Cerebral to measure how its users engage with ads on its platform, while giving advertising platforms access to user information.
Cerebral has assured that the exposed information does not include more sensitive information like bank account information, credit card numbers, or social security numbers. Since the occurrence of the data exposure, Cerebral has taken all necessary actions to prevent future incidents, as well as enhanced its data security practices and technology vetting processes.
Cerebral is also expected to disclose potential violations of the Health Insurance Portability and Accountability Act, under investigation by the US Office for Civil Rights. This breach follows similar incidents involving pixel-tracking tools. In addition to that, the platform is being subjected to an investigation by the Department of Justice and the Drug Enforcement Administration for prescribing controlled medication like Adderall and Xanax.