What is the term for transferring data to unauthorized external domains?

The correct term for transferring data to unauthorized external domains is "data exfiltration." This refers to the unauthorized transfer of data, where sensitive information is moved from an organization's environment to an external location without permission. The term highlights the process of extracting data, often involving malicious intent to infiltrate networks and access valuable or confidential information.

In the context of counterintelligence, recognizing and preventing data exfiltration is critical, as it involves potential threats to national security or corporate integrity. Understanding this term is essential because it encompasses a wide range of activities, from simple copying of sensitive information to complex cyber operations that employ stealthy techniques to evade detection.

While other terms like data theft and data breach may be related, they carry different implications. Data theft typically implies the illegal taking of data with malicious intent, while a data breach indicates that an organization’s security has been compromised, leading to unauthorized access. Information leakage generally refers to accidental exposure rather than intentional extraction. This highlights why "data exfiltration" specifically captures the essence of the act of transferring data without authorization.