A differencing attack occurs when an attacker uses aggregate statistics from a database to learn information about an individual.

For example, to maintain privacy of individuals, a database of medical diagnoses may be constructed with a rule to reject queries that would return results for fewer than 10 people. If an attacker wants to determine the medical diagnosis of a single person, they could first query the counts of each diagnosis in the entire dataset, then the counts of each diagnosis in the entire dataset excluding the individual. Neither query would be rejected, because both include over 10 people. However, by finding the difference, the attacker can determine the diagnosis of an individual.