D2 · Threats

What is sensitive data exposure?

Sensitive data exposure occurs when sensitive information (PII, PHI, financial data) is inadequately protected — transmitted in cleartext, stored without encryption, or exposed through weak access controls.
It is #2 in the OWASP Top 10 (2021), where it is listed as Cryptographic Failures. Prevention: encrypt at rest and in transit, use strong algorithms, implement proper key management, minimize data collection, classify data and apply appropriate controls.