Hundreds of thousands of people who suffer from alcoholism have seen their privacy violated after learning that startups dedicated to rehabilitating alcoholics online, Monument and Tempest, have been caught sharing confidential user data with advertisers without their consent.
As the TechCrunch portal has learned, everything was revealed after an internal review revealed a data breach that affected 100,000 users, forcing companies to issue a formal publication to the affected user base.
In fact, this data breach began more than 5 years ago and was ongoing until last month's review, when both companies were finally caught with a practice that has put them at the center of controversy and seriously damaged their image.
Monument and Tempest started out as two completely different platforms, but the former acquired the other several months ago. Parent company Monument confirmed not only the data breach, but that the companies shared private information with advertisers through a notice filed with the California attorney general.
This data shared by these portals to help those affected by alcoholism with advertisers, without the consent of the users, includes names of patients, dates of birth, email addresses, postal addresses, telephone numbers, information about insurance and much more.
The self-serving leak has been widely criticized and seen as an attack on those looking to get well: These companies also shared data related to dating information, evaluation information, and survey responses, including data on alcohol consumption.
However, Monument continues to tout its commitment to privacy on its website, claiming that survey responses are "protected" despite the recent disclosure, an embarrassing situation to say the least after the outrageous disclosure of private data became known. .
For their part, these startups blame the problem on third-party tracking systems and claim that they have removed the offending tracking codes from their websites. The companies do not admit to having shared this information on purpose to increase profits, indicating that they were data movements beyond their control.
The case is reminiscent of several examples of similar breaches, such as the time a mental health company shared patient information without consent and when Meta was caught collecting and sharing its users' health data in an entirely indiscriminate and doubtfully ethical manner.
While this is a particularly cruel example, it's important to remember that most companies have a less-than-impeccable record when it comes to data privacy, even for medical records, especially in the United States. In any case, it is another case of the fragility of private data today.
