In penetration testing terminology, what does data exfiltration refer to?

Data exfiltration is the unauthorized transfer of data from the target environment to an external location under the control of the attacker. In a penetration test, it refers to moving sensitive information out of the compromised network to demonstrate impact and to evaluate how well detection and response controls catch or block such activity. The transfer can use many channels—email, cloud storage, FTP, web requests to external endpoints, or covert channels like DNS tunneling—so long as the destination is outside the organization and the transfer isn’t authorized by the data owner. Internal data backups are legitimate protective or recovery processes, encryption of data at rest is a defensive measure to protect data while stored, and developing new data schemas relates to data organization and design, not the act of moving data out of the environment.