
Insider Threat Matrix™
  • ID: ME023
  • Created: 22nd April 2025
  • Updated: 28th April 2025
  • Platforms: Windows, Linux, MacOS, iOS, Android
  • Contributor: Ryan Bellows

Sensitivity Label Leakage

Sensitivity label leakage refers to the exposure or misuse of classification metadata, such as Microsoft Purview Information Protection (MIP) sensitivity labels, through which information about the nature, importance, or confidentiality of a file is unintentionally or deliberately disclosed. While the underlying content of the document may remain encrypted or otherwise protected, the presence and visibility of sensitivity labels alone can reveal valuable contextual information to an insider.

This form of leakage typically occurs when files labeled with sensitivity metadata are transferred to insecure locations, shared with unauthorized parties, or surfaced in logs, file properties, or collaboration tool interfaces. Labels may also be leaked through misconfigured APIs, email headers, or third-party integrations that inadvertently expose metadata fields. The leakage of sensitivity labels can help a malicious insider identify and prioritize high-value targets or navigate internal systems with greater precision, without needing immediate access to the protected content.

Examples of Use:

  • An insider accesses file properties on a shared drive to identify documents labeled Highly Confidential with the intention of exfiltrating them later.
  • Sensitivity labels are exposed in outbound email headers or logs, revealing the internal classification of attached files.
  • Files copied to an unmanaged device retain their label metadata, inadvertently disclosing sensitivity levels if examined later.
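
A detection-side check for the second and third examples, added here and not part of the Insider Threat Matrix entry: it inspects an outbound message for label metadata in the `msip_labels` mail header and in the `docProps/custom.xml` part of attached Office files. It assumes the `MSIP_Label_<GUID>_<Field>` key naming used by MIP; the function names, the label GUID and the sample message are constructed for illustration.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET
from email import message_from_bytes, policy
from email.message import EmailMessage

LABEL_KEY = re.compile(r"MSIP_Label_([0-9a-fA-F-]{36})_(\w+)")  # assumed MIP key naming

def labels_from_pairs(pairs):
    """Group (key, value) pairs by label GUID: {guid: {field: value}}."""
    out = {}
    for key, value in pairs:
        if m := LABEL_KEY.fullmatch(key.strip()):
            out.setdefault(m.group(1).lower(), {})[m.group(2)] = value.strip()
    return out

def labels_from_ooxml(blob):
    """Read label custom properties from an Office file's docProps/custom.xml."""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            root = ET.fromstring(z.read("docProps/custom.xml"))
    except (zipfile.BadZipFile, KeyError, ET.ParseError):
        return {}  # not OOXML, or no custom-properties part
    return labels_from_pairs((p.get("name", ""), "".join(p.itertext())) for p in root)

def find_label_leaks(raw_message):
    """Return (where, source, label GUID, label name) for each exposed label."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for header in msg.get_all("msip_labels", []):
        pairs = (kv.split("=", 1) for kv in str(header).split(";") if "=" in kv)
        for guid, f in labels_from_pairs(pairs).items():
            findings.append(("header", "msip_labels", guid, f.get("Name")))
    for part in msg.iter_attachments():
        for guid, f in labels_from_ooxml(part.get_payload(decode=True) or b"").items():
            findings.append(("attachment", part.get_filename(), guid, f.get("Name")))
    return findings

def build_sample():  # constructed message: labelled header plus labelled .docx
    guid = "11111111-2222-3333-4444-555555555555"  # constructed label GUID
    xml = ('<Properties xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/'
           'docPropsVTypes"><property name="MSIP_Label_%s_Name"><vt:lpwstr>Highly '
           'Confidential</vt:lpwstr></property></Properties>' % guid)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/custom.xml", xml)
    msg = EmailMessage()
    msg["msip_labels"] = "MSIP_Label_{0}_Enabled=true; MSIP_Label_{0}_Name=Highly Confidential".format(guid)
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream", filename="plan.docx")
    return msg.as_bytes()
```

When running this against untrusted mail, parse the XML with a hardened parser and cap the decompressed size of each attachment before reading it.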