Exfiltration

1. Unauthorized transfer of information from an information system. A data breach of an election system may lead to the exfiltration of PII data.

Source: Glossary - Introduction to Information Technology for Election Officials U.S. Election Assistance Commission https://www.eac.gov/assets/1/28/Glossary_IT-Terms_Managing_Election_Technology.pdf

2. The transfer, either electronically or physically, of information from a victim system by a threat actor without the data owner’s permission.

Source: Cyber Threats to Elections – A Lexicon, Cyber Threat Intelligence Integration Center & Office of the Director of National Intelligence, https://www.dni.gov/files/CTIIC/documents/CTIIC_2018_Lexicon_without_banner_small_file_for_Post.pdf

3. The unauthorized transfer of information from an information system.

Source: Explore Terms: A Glossary of Common Cybersecurity Terminology, National Initiative for Cybersecurity Careers and Studies (NICCS), https://niccs.us-cert.gov/about-niccs/glossary

4. When an adversary has successfully gained access to a system, they may choose to copy over, that is exfiltrate, sensitive data. Just because an adversary has access to a system doesn’t mean that they necessarily will exfiltrate data. An attacker may not exfiltrate data because it does not achieve their aims, or it may increase their chances of discovery, or because the amount of data does not make it easy. This is why a data breach does not always mean that an adversary necessarily retains access to all the data that was exposed.

Source: Election Cybersecurity 101 Field Guide – Glossary, Center for Democracy & Technology, https://cdt.org/insight/election-cybersecurity-101-field-guide-glossary/

5. The transfer of data from an information system.

Source: U.S. Cyberspace Solarium Commission, March 2020, https://subscriber.politicopro.com/f/?id=00000170-c638-d8f7-a7f1-f63b33510000