A common end goal of an attack against SQL Server is to steal data. An attacker is able to achieve this aim without even gaining access to the SQL Server instance, if they are able to gain access to database backups. In this scenario, they can simply restore the backup onto their own instance, gaining full, administrative-level access to all data within the database. In this chapter, we will refresh ourselves with the semantics of database backups before discussing how we can mitigate the risks of backup theft.