Share this article on:
An online alcohol counselling service has sent out letters to 109,000 of its customers warning that their data had been inadvertently shared with third-party tracking providers.
Monument sent the letters after auditing its websites following federal government guidance on the dangers posed by web trackers provided by third parties such as Meta, Google, and Bing.
The data that may have been compromised includes name and address, emails and websites, telephone numbers, and the various services a member may have been using on the site. Monument has said it has no evidence of the data being used maliciously, however — the data had simply been inadvertently shared with entities that were not entitled to it under the US Health Insurance Portability and Accountability Act or HIPAA.
“On or about February 6, 2023, Monument’s internal review concluded that some information may have been shared with those third parties without the appropriate authorisation, consent, or agreements required by law,” Monument said in its letters to its customers. “The internal review concluded that this activity commenced in January of 2020, with respect to Monument members, and November of 2017, with respect to Tempest members.”
Despite the relatively benign nature of the breach — the data was inadvertently shared, essentially, with actors who are not likely to abuse it — Monument is treating it seriously.
“Even though this incident is unlikely to result in identity theft or any financial harm to you, and we have no evidence of misuse or incidents of fraud stemming from this incident, we have arranged for you to enroll, at no cost to you, in an online credit monitoring service,” Monument said.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.