Why you must understand the difference between data THEFT and data LEAK

Understanding the difference between data theft and data leak is important. We use these terms interchangeably, but actually, they refer to different types of breaches. Understanding this difference is important as each requires a different prevention strategy to protect your business data.

Data Theft from a Bank

Image courtesy of storeyset on Freepik

Personal Identifiable Information v Intellectual Property

Before defining the different data terms, it is necessary to understand that businesses generally have two categories of data:

    • Personal Identifiable Information (PII) – such as email addresses, telephone numbers, credit card details, social security details, religion.
    • Intellectual Property (IP) – such as customer lists, financial statements, trade secrets.


PII is legally protected by country-defined Data Protection Acts. In the EU, GDPR outlines the processing of personal data of individuals, regardless of the organisation’s location. In the UK we have UK GDPR which is a domestic version of GDPR adopted after the UK left the EU. We also have the DPA 2018 alongside UK GDPR to address specific UK requirements not covered by GDPR. Any UK business that believes they may have disclosed PII to an unauthorised body is legally obliged to notify the Information Commissioner’s Office of a potential breach.


Proprietary Intellectual Property protection is not mandated. Nor is there a legal requirement to declare this type of data loss unless industry-specific regulations insist. However, the consequences of loss of this type of data can be severe. It can lead to financial loss, corporate reputation or brand impact, or organisational downtime.


The differences in these two data categories are explored in more detail here.


Terminology: The difference between data theft and data leak

Data Loss

Data loss is an umbrella term used to describe unintentional (data leak) or deliberate (data theft) exposure of data. This could be data held on a device, on a network or in the cloud.

Undoubtedly data loss can have negative impacts. But the opposite is also true. Many studies have shown a link between increased demonstrable data protection and increased customer loyalty. Hence, businesses often show their commitment to customer data protection through certifications such as Cyber Essentials, or larger businesses might consider a framework such as  ISO27001.

Data Breach

A breach occurs when access to sensitive data is gained within a secure perimeter, by either an unauthorised person or an unauthorised application such as malware. Even if the data is not exfiltrated. A breach can involve PII or Intellectual Property. A breach only becomes data loss when data has been removed from its secure holding.

Data Leak

Data leak is the unintentional, accidental disclosure of data, usually due to human error. Typically, this is PII data emailed to an unintended third party, a social post, or a web forum. The primary cause of data leaks is a user’s lack of understanding of data protection.

Data Theft

Data theft is the intentional, deliberate attempt to exfiltrate data. Typically, this is theft of valuable business proprietary Intellectual Property. The objective of data theft is to sell the data on the dark web, to exploit the data or an individual, or to sabotage the company. Or it could simply be to cause disruption. Theft opportunities occur from vulnerabilities or misconfigurations in hardware or software.  Data theft has traditionally been via hackers, for resale of the data on the dark web. Today we are increasingly seeing politically motivated, or state-sponsored data theft. Another source of data theft is disgruntled employees.


Data Leakage v Data Theft infographic PDF

Personal Protection: Data Leakage Prevention Strategies

Data leaks can be mitigated through user training and a strong cyber awareness culture within a company. This includes awareness of phishing emails, social engineering attacks, clickjacking attacks, ransomware attacks. As well as understanding why users should use VPN, etc. Application-specific mitigation comes from content-filtering Data Loss Prevention software. Such as Microsoft’s Purview, which monitors the content of emails for PII disclosure. User Access Control methods can be used to restrict the data that individual users can access.


Learn more about data leakage prevention techniques.


Business Reputation Protection: Data Theft Prevention Strategies

Data leakage can be MITIGATED. But mitigation comes too late in a cyber kill chain for data theft. Instead, when it comes to data theft, the emphasis is on PREVENTION.


Data theft prevention, or indeed elimination, requires the continuous monitoring of outbound data to block any exfiltration attempts before they become a cyber breach. Without monitoring outbound traffic, businesses remain unaware that data has been stolen. The first warning could be when their competitor starts to undercut them in every deal.


Data encryption is often cited as a breach-prevention technique. It is highly recommended to encrypt both data stored on devices or USB (eg using Microsoft’s BitLocker) and data being sent over the Internet such as email, cloud application data, etc. (eg using VPN).  Encryption itself does NOT stop theft. The idea behind encryption is to make it incredibly hard (maybe not impossible) for a bad actor to read stolen data.


Learn more about data theft prevention techniques.


What’s the worst that can happen? Real-world Data Loss Examples

Breach – Equifax

Probably the most well-known data breach is the 2017 cyberattack on Equifax, a credit reporting agency. Over 147 million PII data records were exposed, including names, addresses and social security numbers. A congressional hearing resulted in a $700 million compensation settlement for the victims. Additionally, Equifax’s stock dropped 31% post-breach.

Leak – Police Service of Northern Ireland

In 2023, the names of 10,000 Northern Irish police employees were accidentally leaked in a freedom of information response. The repercussions were not only severe corporate reputational damage and loss of public trust but may have impacted the lives of serving police officers. This leak occurred weeks after the theft of a police-issue laptop containing the names of 200 staff stolen, and a police-issue laptop falling from the roof of a moving police vehicle.

Theft – LastPass

The most recent, high-profile data theft was of a LastPass password vault data. In a highly targeted attack, a vulnerability in a third-party application gave attackers access to a developer’s device whilst working from home. The theft has been linked to a crypto heist with almost $35 million having been stolen from victims.



Any business that strives to have a robust data protection strategy needs to understand the different data loss nomenclatures. Ultimately data loss prevention requires a holistic approach to both leakage and theft prevention techniques. Each requires a slightly different approach and neglecting one over the other could turn a data breach into a data loss.

About the Author

Dr Mark Graham, CEO of ZORB Security

Dr. Mark Graham has spent over 30 years in cybersecurity.  He completed his PhD in malware detection in Cambridge, UK where he also lectured in Information Security, Cybercrime, and Pen-Testing.  He is a co-founder of ZORB Security which specialises in eliminating data theft.

10 FREE Licences, on us!

Start your outbound data protection journey TODAY.

See first hand how ZORB stops

– data theft from hackers, malware and insider attacks

– cloud data misdirection

– malicious updates

10 FREE Licences

No credit card required

author avatar
Dr Mark Graham