Online alcohol recovery programs Monument and Tempest shared users’ personal information with third-party advertisers for several years, according to a data breach notification filed last week with California’s attorney general.
Monument said it used pixel-tracking technologies from companies like Meta, Google, Bing and Pinterest “without the appropriate authorization, consent or agreements required by law.”
Information shared could include name, birth date, email address, phone number, address, insurance member ID, IP address, selected services, assessment or survey responses, appointment information, associated health information and other details. Monument told MobiHealthNews a little more than 100,000 people were affected.
Monument said it stopped using most tracking technologies late last year and fully disconnected its websites by the end of February.
Monument and Tempest are the latest digital health companies that have disclosed sharing users’ personal information for advertising purposes. Last month, digital mental health company Cerebral said it had disclosed more than three million patients’ personal health information to Google, Meta, TikTok and others.
The Federal Trade Commission has also been looking into digital health companies using consumers’ data for advertising purposes. Read more.
