Online alcohol recovery startups Monument and Tempest got caught sharing confidential user data with advertisers without their consent, . Everything came to light after an internal review revealed a data breach impacting 100,000 users, forcing the companies to to the user base. The violations started in 2017 and were ongoing until last month’s review.
Monument and Tempest started as two entirely different platforms, but the former acquired the latter several months back. Parent company Monument confirmed not only the data breach but that the companies shared private information with advertisers via a notification filed with California’s attorney general. Data shared with advertisers, without user consent, includes patient names, dates of birth, email addresses, postal addresses, phone numbers, insurance information and more.
Unfortunately, that is just the beginning. In a cruel…
