When an encryption-settings definition is compromised, all data encrypted with that definition is vulnerable, and you must stop using the definition immediately.
If an encryption-settings definition becomes compromised, for example because an unauthorized individual obtains access to the encryption key, any data encrypted with that definition is vulnerable because it can be decrypted using that key. It's important to protect the encryption-settings database, for example with file permissions or file system access control lists (ACLs), to ensure that its contents remain secure.
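One way to check the file-permission protection mentioned above, as an added example that is not part of the original documentation: a shell function that flags anything in the encryption-settings database directory that is accessible to group or other, owned by an unexpected account, or a symbolic link. The directory path and the owning account are assumptions supplied by the caller.

```shell
# Added example (not product code): audit the directory that holds the
# encryption-settings database. DIR and OWNER are supplied by the caller;
# no product path is assumed here.
#
# Usage: audit_enc_settings DIR [OWNER]
# Prints one FINDING line per problem. Returns 0 if clean, 1 if anything
# was found, 2 if DIR is not a directory.
audit_enc_settings() {
    dir=$1
    owner=${2:-$(id -un)}   # default: the account running the audit
    findings=0

    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "ERROR: '$dir' is not a directory" >&2
        return 2
    fi

    # Any group or other permission bit lets another local account read,
    # replace, or traverse to the key material. Symlinks are handled below.
    loose=$(find "$dir" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$loose" ]; then
        printf '%s\n' "$loose" | sed 's|^|FINDING group/other access: |'
        findings=1
    fi

    # Entries owned by another account can be changed outside the server's control.
    foreign=$(find "$dir" ! -user "$owner" -print)
    if [ -n "$foreign" ]; then
        printf '%s\n' "$foreign" | sed "s|^|FINDING not owned by $owner: |"
        findings=1
    fi

    # A symbolic link places the data outside the directory being protected.
    links=$(find "$dir" -type l -print)
    if [ -n "$links" ]; then
        printf '%s\n' "$links" | sed 's|^|FINDING symbolic link: |'
        findings=1
    fi

    return "$findings"
}
```

POSIX ACL entries are not inspected by this function; where ACLs are in use, review them separately with `getfacl`.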
If an encryption-settings definition is compromised, stop using the definition immediately. You must re-encrypt any data encrypted with the compromised key using a new definition, or purge that data from the server. Do this on one server at a time to avoid environment-wide downtime, and complete it as quickly as possible on all servers that used this definition at any point in the past to minimize the risk of data exposure.
To respond to a compromised encryption-settings definition: