Cerebral, a digital health company, recently informed 3.1 million individuals of inadvertent data exposure, with the goal of protecting the sensitive health information of all its users. The company discovered and addressed the issue, but not before the exposed data could have been obtained by malicious actors.
What Happened?
On May 8th, 2020 Cerebral discovered that certain personal information related to their users had been inadvertently exposed on their platform. The exposed data included personal information such as names, addresses, dates of birth, and email addresses. Additionally, potentially sensitive health data associated with the platform, such as chronic condition diagnoses, severity of symptoms, medication information, and other mental health related measures, were also exposed.
The company quickly took steps to address the issue and remove the exposed data. Cerebral also informed their users of the incident on June 15th and began sending out notification emails. As a precautionary measure, the company has recommended that all of their users remain vigilant and be on the lookout for any suspicious activity.
Third-Party Involvement
Upon further investigation, Cerebral discovered that a third-party vendor was responsible for the inadvertent exposure and it was this vendor that had access to the user data. The vendor had inadvertently left a data repository open, which exposed the user information.
Cerebral has since alerted the vendor of the incident, taken steps to remove the exposed data, and has since addressed the issue with their own internal security measures to prevent similar incidents from occurring in the future.
What To Do
Cerebral urges all users to remain vigilant and be on the lookout for any suspicious activity. The company recommends that users change their passwords and contact information, as well as regularly review their online accounts for any suspicious activity. It is also up to users to take steps to protect their sensitive personal information, including limiting the amount of information they share online and setting up two-factor authentication for their accounts.
If users have any questions or would like additional information, they can contact Cerebral’s customer service team.
Conclusion
Cerebral is doing their part to protect the sensitive health information of their users, by quickly addressing the issue and informing them of the incident. It is important that users remain vigilant and take measures to protect their sensitive personal information. Please help spread the word and share this article on social media!