Slashdot reader itwbennett writes: Personal health information on 4.7 million Blue Shield California subscribers was unintentionally shared between Google Analytics and Google Ads between April 2021 and January 2025 due to a misconfiguration error. Security consultant and SANS Institute instructor Brandon Evans points to two lessons to take from this debacle:
- Read the documentation of any third party service you sign up for, to understand the security and privacy controls;
- Know what data is being collected from your organization, and what you don’t want shared.
“If there is a concern by the organization that Google Ads would use this information, they should really consider whether or not they should be using a platform like Google Analytics in the first place,” Evans says in the article. “Because from a technical perspective, there is nothing stopping Google from sharing the information across its platform…
“Google definitely gives you a great bunch of controls, but technically speaking, that data is within the walls of that organization, and it’s impossible to know from the outside how that data is being used.”
