diff --git a/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql b/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
index 848f84c7fff..5fc271dd991 100644
--- a/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
+++ b/ruby/ql/src/queries/security/cwe-598/SensitiveGetQuery.ql
@@ -38,6 +38,7 @@ from
 where
 handler.getAnHttpMethod() = "get" and
 input.asExpr().getExpr().getEnclosingMethod() = handler and
- localFlowWithElementReference(input, sensitive)
+ localFlowWithElementReference(input, sensitive) and
+ not sensitive.getClassification() = SensitiveDataClassification::id()
 select input, "$@ for GET requests uses query parameter as sensitive data.", handler, "Route handler"
diff --git a/ruby/ql/test/query-tests/security/cwe-598/SensitiveGetQuery.expected b/ruby/ql/test/query-tests/security/cwe-598/SensitiveGetQuery.expected
index a851b810cb6..9563e1eefae 100644
--- a/ruby/ql/test/query-tests/security/cwe-598/SensitiveGetQuery.expected
+++ b/ruby/ql/test/query-tests/security/cwe-598/SensitiveGetQuery.expected
@@ -1,2 +1 @@
 | app/controllers/users_controller.rb:4:16:4:21 | call to params | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:3:3:6:5 | login_get | Route handler |
-| app/controllers/users_controller.rb:5:23:5:28 | call to params | $@ for GET requests uses query parameter as sensitive data. | app/controllers/users_controller.rb:3:3:6:5 | login_get | Route handler |
diff --git a/ruby/ql/test/query-tests/security/cwe-598/app/controllers/users_controller.rb b/ruby/ql/test/query-tests/security/cwe-598/app/controllers/users_controller.rb
index 7788894f98a..80a13184737 100644
--- a/ruby/ql/test/query-tests/security/cwe-598/app/controllers/users_controller.rb
+++ b/ruby/ql/test/query-tests/security/cwe-598/app/controllers/users_controller.rb
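Review bot: The exclusion added on the last `+` line silently changes what this query reports — identifier-classified data such as usernames is no longer flagged while the select message still says "uses query parameter as sensitive data" — so the rationale should be stated in a comment above that line, e.g. `// Identifiers such as usernames are not secrets; only flag credentials and other confidential data sent via GET.`. If the classification predicate can hold for more than one classification of the same node (a name matching both the id and password heuristics, say), then `not sensitive.getClassification() = SensitiveDataClassification::id()` also suppresses a node that is simultaneously classified as a password or secret, which is not what the intent suggests. In that case `sensitive.getClassification() != SensitiveDataClassification::id()` keeps a node that has any non-id classification while still dropping pure identifiers; worth confirming against the sensitive-data heuristics library whether classifications are single-valued before choosing. The `from` clause and the `localFlowWithElementReference` predicate start outside the hunk.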
@@ -2,12 +2,12 @@ class UsersController < ApplicationController
 def login_get
 password = params[:password] # BAD: route handler uses GET query parameters to receive sensitive data
- authenticate_user(params[:username], password) # BAD: route handler uses GET query parameters to receive sensitive data
+ authenticate_user(params[:username], password)
 end
 def login_post
 password = params[:password] # GOOD: handler uses POST form parameters to receive sensitive data
- authenticate_user(params[:username], password) # GOOD: handler uses POST form parameters to receive sensitive data
+ authenticate_user(params[:username], password)
 end
 private