Threat actors can exfiltrate data with a side-channel attack. A series of measurements of a side-channel constitute an identifiable signature which can then be matched against a signature database to identify target information, without having to explicitly decode the side-channel.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.