A data leak involving the exposure of approximately 2.5 million sensitive personal records by New York-based Cense AI raised questions about the company's security.

Records exposed in what seemed to be a temporary repository intended for staging purposes, possibly for use in an AI bot or management system, included sensitive personal information such as names, insurance details, medical diagnosis notes, and payment records. 

The data appeared to be related to individuals involved in car accidents, with references to chiropractic and neck or spinal injuries. 

The leak was discovered by a security researcher who identified the records as publicly accessible online. Upon validation, the researcher promptly notified Cense AI, leading to the restriction of public access to the database. 

The exposure of such sensitive medical data is viewed as particularly concerning due to its high value on the black market, where medical records can be sold for significantly more than other types of personal information.