Application security, Data Security, Privacy

Significant privacy violations net over $7M fine for Cerebral

Mental health subscription platform Cerebral has been ordered by the Federal Trade Commission to pay more than $7 million to resolve charges alleging that it provided TikTok, LinkedIn, Snapchat, and other third-party entities access to sensitive data of nearly 3.2 million users for advertising purposes, reports The Hacker News.

The information Cerebral shared with third parties included individuals' names, birthdates, home and email addresses, demographic details, medical and prescription data, and health insurance details, among others, according to the FTC, which also accused the mental telehealth firm of inadequately protecting user data after allowing medical record access to former employees.

Aside from alerting its customers regarding the FTC order on its website, Cerebral has also been tasked with erasing most unneeded data and allowing voluntary data deletion on top of a new data retention schedule. The development comes after New York-based alcohol addiction treatment provider Monument was banned from sharing health data with third parties.