Data Exfiltration

Data exfiltration is the unauthorized transfer of data from an organization's systems to an external destination controlled by a threat actor. It is a common objective in targeted cyberattacks and a frequent outcome of ransomware and advanced persistent threat campaigns. In third-party cyber risk management, vendors with access to sensitive first-party data represent a potential exfiltration pathway if their systems are compromised.