Cense AI has inadvertently leaked 2.5 million detailed medical records of auto accident victims.

Cense AI is an “SaaS platform that helps business in implementing Intelligent Process Automation, intelligent bots to automate tasks without disrupting current system.” The company specializes in “simplifying implementation of business process automation using Machine Learning and Natural Language Processing.”

According to security researcher Jeremiah Fowler, working in collaboration with Secure Thoughts, Cense AI left two folders with medical data exposed on the same IP address as the company’s website. The two folders contained a combined “2.5 million records that appeared to contain sensitive medical data and PII (Personally Identifiable Information). The records included names, insurance records, medical diagnosis notes, and much more.” In addition, there were clinics, insurance providers and accounts contained in the data.

This is a massive breach on the part of a company trusted with the most sensitive type of customer information, and serves as a cautionary example of what can happen when outside companies are given access to medical data.

What’s more, to date, there has not been any public statement, blog post or explanation on Cense’s part. In other words, this appears to be another case study in how not to handle a data breach.