Data exfiltration definition

Data exfiltration

(also data theft, data extrusion, data exportation)

Data exfiltration is an unauthorized data transfer from a device. Data exfiltration is a key part of data breaches and the most common outcome of cyberattacks. Criminals can extract data from other devices by infecting them with malware, employing ransomware, or using social engineering to get assistance from insiders.

Not all acts of data exfiltration are done for malicious purposes. An employee transferring company data to their personal device without proper authorization is also committing data exfiltration even if no harm is intended or ultimately done.

Real data exfiltration examples

2014: Criminals gained access to eBay’s corporate network through compromised employee login credentials and stole personal information pertaining to 145 million users.
2016: A Federal Deposit Insurance Corporation (FDIC) employee accidentally downloaded the data of thousands of customers to a personal storage device when leaving the organization.
2018: Criminals installed malicious code on the website of British Airways and exfiltrated over 400,000 customers’ sensitive data.

Stopping data exfiltration

Limit privileged access to sensitive information. Restricting the number of insiders who can access the data helps stem data leaks and pinpoint security breaches.
Enforce “bring your own device” (BYOD) policies to limit the number of endpoints that criminals can target in your organization.
Encrypt stored data using file encryption tools such as NordLocker. While encrypted data may still be stolen, it is useless to attackers without the decryption keys.
Use cybersecurity tools like VPNs and antivirus software to prevent cyberattacks on your network.