Data Exfiltration Analysis

Website-Design-DF_Data Breach.jpg (2)

Data exfiltration occurs when a cyber-attack was successful and organizational data has been compromised.  In this stage of a data breach investigation (link to data breach page), our experts are engaged to determine how the data was exfiltrated, if there is evidence the data is still being stolen, and the total exposure, including the total number of client personal records that have been stolen. 

It is essential to distinguish the extent of data theft, since fines and penalties are levied against the organization based upon the total number of records (PII, PHI, and/or PFI) that have been compromised.  A handful of records typically cost an organization only a few thousand dollars, whereas a major breach with hundreds of thousands of records lost can cost millions. 

Our cybersecurity analysts understand the techniques used by malicious bad actors to obtain data and carry out acts of data exfiltration.  Once we determine the impact and scope of damage, and what type of technology was involved in the attack, we can then investigate the type of infection or breach and level of access reached by the bad actor.  Going through this process can help uncover what data was exfiltrated, viewed or lost, and what next steps need to be to get operations back up and running. 

Types of Data Exfiltration Methods 

  • HTTPS downloads or uploads 
  • Email 
  • FTP sites 
  • Instant messaging 
  • Filesharing sites 
  • VPN 
  • Cloud storage uploads 
  • Steganography 
  • SSH and tunneling 

These types of attacks can be especially alarming for specific industries such as healthcare, finance, municipalities and government agencies. We’ve helped hundreds of claims professionals and litigation attorneys mitigate high-stake cybercrime. For quick access to our breach team, email us at