Data Exfiltration


Definition

Data exfiltration is the unauthorized transfer of data from an organization to an external location. Attackers or insiders may steal sensitive information such as customer records, intellectual property, or credentials, often trying to avoid detection by blending into normal network and user activity.

Examples

  • An attacker compresses sensitive files and uploads them to a personal cloud storage account.
  • Malware sends small pieces of data out through DNS queries to avoid typical web filtering.

Discover 🔎

Many security incidents are not only about getting in. They are about getting data out. Data exfiltration is often the moment where a breach becomes a serious business problem, because once data leaves your control it can be copied, sold, leaked, or used for fraud.

Exfiltration can happen quickly, such as a bulk download of files, or slowly, such as small data transfers over days. Attackers often try to blend exfiltration into normal activity so it looks like ordinary browsing, syncing, or emailing.
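
As an added example (not part of the original lesson), the Python below shows one way a defender could spot the DNS pattern from the Examples list, totalling queries per client and domain over the whole log window so that a slow trickle counts the same as a burst. The log format, thresholds, addresses and `.example` domains are constructed assumptions, and the two-label domain split is a simplification.

```python
import hashlib
import math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def parse(line):
    """Assumed log format: '<ISO timestamp> <client IP> <query name>'."""
    ts, client, qname = line.split()
    labels = qname.rstrip(".").lower().split(".")
    # Naive registered-domain guess (last two labels); production code
    # would consult the Public Suffix List instead.
    return ts[:10], client, ".".join(labels[-2:]), "".join(labels[:-2])

def find_dns_exfil(lines, min_unique=4, min_chars=100, min_entropy=3.5):
    """Flag (client, domain) pairs whose subdomains look like encoded data.
    Totals cover the whole window, not a per-minute rate."""
    seen = defaultdict(lambda: {"subs": set(), "days": set()})
    for line in lines:
        day, client, domain, sub = parse(line)
        if sub:
            seen[(client, domain)]["subs"].add(sub)
            seen[(client, domain)]["days"].add(day)
    findings = []
    for (client, domain), s in seen.items():
        payload = "".join(sorted(s["subs"]))
        if (len(s["subs"]) >= min_unique and len(payload) >= min_chars
                and entropy(payload) >= min_entropy):
            findings.append({"client": client, "domain": domain,
                             "unique_subdomains": len(s["subs"]),
                             "encoded_chars": len(payload),
                             "days_active": len(s["days"])})
    return findings

def constructed_sample():
    """Constructed log: one random-looking label per day to 'drop.example'
    (hash output stands in for encoded data) plus ordinary lookups."""
    lines = [f"2024-05-0{d}T03:1{d}:00Z 10.0.0.7 "
             f"{hashlib.sha256(b'chunk%d' % d).hexdigest()[:32]}.drop.example"
             for d in range(1, 6)]
    lines += [f"2024-05-01T09:00:0{i}Z 10.0.0.7 {h}.corp.example"
              for i, h in enumerate(["www", "mail", "cdn", "api"])]
    return lines

if __name__ == "__main__":
    print(find_dns_exfil(constructed_sample()))
```

Services that use long hashed hostnames legitimately will also trip these thresholds, so a hit is a lead to review against an allowlist, not a verdict.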

Remember: Intrusion is access. Exfiltration is impact. Many attackers are measured by what they can take, not just where they can go.