What is Data Exfiltration?
The unauthorized transfer of data from an organization's network, the primary goal of most data breaches.
Data exfiltration is how stolen data actually leaves an organization during a breach.
Methods
- Network transfer: Upload to cloud storage, email, or remote server
- DNS tunneling: Encode data in DNS queries to bypass firewalls
- Steganography: Hide data in images or files uploaded to legitimate services
- Physical: Copy to USB drives, printed documents, photos of screens
- Encrypted channels: Use HTTPS or VPN tunnels to hide the transfer
Detection Challenges
- Encrypted traffic is hard to inspect without breaking encryption
- Cloud service usage is normal — distinguishing legitimate from malicious is hard
- Insider threats can exfiltrate data slowly over time
- Small amounts of highly valuable data (credentials, keys) are easy to hide
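As an added example that is not part of this glossary entry, the following Python script applies the detection heuristic a defender would run over resolver logs for the DNS tunneling method listed above: it groups queries per client and registered domain and flags groups whose leftmost labels are numerous, long and high-entropy, which is how encoded payload looks in query names. The log lines, client addresses and the domain exfil-test.net are constructed for illustration, and treating the last two labels as the registered domain is a simplifying assumption (a real deployment would use a public-suffix list).

```python
import math
from collections import defaultdict

# Constructed sample DNS query log, one "time client qname" record per line
# (not from any real resolver). Client 10.0.0.7 sends encoded payload labels.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 www.example.com
10:00:02 10.0.0.5 mail.example.com
10:00:03 10.0.0.7 kq3xcz9b8mt5wn2h.data.exfil-test.net
10:00:04 10.0.0.7 7pd4vjr6ygf0se1a.data.exfil-test.net
10:00:05 10.0.0.7 zm2k9qx4c7tb3hn8.data.exfil-test.net
10:00:06 10.0.0.7 b5wr1fy0gs6dje2v.data.exfil-test.net
10:00:07 10.0.0.5 cdn.example.com
10:00:08 10.0.0.5 api.example.com
"""

def shannon_entropy(s: str) -> float:
    """Bits per character; encoded payload labels score higher than dictionary words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def find_dns_tunneling(log: str, min_queries: int = 4,
                       min_label_len: int = 10, min_entropy: float = 2.5) -> list:
    """Group queries per (client, registered domain) and flag groups whose leftmost
    labels look like encoded data: many distinct, long, high-entropy labels.
    Assumption: the registered domain is the last two labels (no public-suffix list)."""
    labels_seen = defaultdict(set)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records instead of failing on them
        _, client, qname = parts
        labels = qname.rstrip(".").split(".")
        if len(labels) < 3:
            continue  # a bare registered domain carries no subdomain payload
        labels_seen[(client, ".".join(labels[-2:]))].add(labels[0])
    flagged = []
    for (client, domain), labels in labels_seen.items():
        if len(labels) < min_queries:
            continue  # too few distinct names to carry a meaningful payload
        avg_len = sum(len(l) for l in labels) / len(labels)
        avg_ent = sum(shannon_entropy(l) for l in labels) / len(labels)
        if avg_len >= min_label_len and avg_ent >= min_entropy:
            flagged.append({"client": client, "domain": domain,
                            "unique_labels": len(labels), "avg_entropy": round(avg_ent, 2)})
    return flagged

if __name__ == "__main__":
    for hit in find_dns_tunneling(SAMPLE_LOG):
        print(f"possible DNS tunneling: {hit}")
```

Client 10.0.0.5 also sends four distinct names, but its short dictionary-word labels fail the length and entropy gates, which is what keeps ordinary browsing out of the alert.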
Prevention
- Data Loss Prevention (DLP) tools monitor for sensitive data leaving the network
- Network segmentation limits what an attacker can reach
- Endpoint detection monitors for suspicious file access
- Encryption at rest means stolen files are useless without keys
- Zero-trust architecture limits lateral movement
Related Terms
Data Breach
A security incident where protected, sensitive, or confidential data is accessed, stolen, or exposed by unauthorized individuals. Data breaches can result from hacking, insider threats, lost devices, or misconfigured systems.
Encryption at Rest
Encryption applied to data stored on disks, databases, or other storage media. When data is 'at rest' (not actively being transmitted), encryption protects it from unauthorized access if storage devices are stolen or compromised.