Data leakage

Data exfiltration is rarely the sole objective of a cyber attacker. While some make it the sole objective of their attacks for lucrative purposes, they are generally associated with other types of attacks that fulfil other objectives.

In fact, ransomware attacks are generally associated with data exfiltration, especially in recent years with the development of dual extortion. This data exfiltration is carried out with the aim of increasing the pressure on the target to pay the ransom as quickly as possible and/or to maximise the amount of the ransom. Other data exfiltration is sometimes carried out as part of state-sponsored cyber-attack campaigns, particularly for espionage purposes.

In the vast majority of cases, data exfiltration can be confused with data leakage. However, unlike data exfiltration, data leakage can be accidental, whereas data exfiltration is never accidental and is the result of a malicious act.

These two cybersecurity incidents often have far-reaching consequences, in legal terms of course, as it is not uncommon for lawsuits to be brought against the victim companies, accusing them of negligence, but not only that. They also have a major reputational impact, significantly damaging the image of companies accused of negligence. Indeed, data exfiltration or leakage also means the exposure of confidential information such as emails, passwords, bank details in some cases, and health records in others. It’s important to check regularly that your login details are not on a leaked database. You can do this using tools such as HaveIBeenPowned, available at the following link: https://haveibeenpwned.com/