Data injection attacks serve as the hallmark example of the security concerns posed by the incorporation of advanced sensing and communication capabilities in power systems. Data injection attacks arise when one or several malicious attackers compromise a subset of the meters used by the state estimation procedure with the aim of manipulating the estimate obtained by the network operator. This chapter surveys the main data injection attacks that are formulated under the assumption that the state variables do not posses a probabilistic description and, therefore, the network operator implements unbiased state estimation procedures. Data injection attacks without this assumption are also studied. In particular, when the network operator perform minimum mean square error (MMSE) estimation, a fundamental trade-off is established between the distortion induced by the attacker and the achievable probability of attack detection. Within this setting, optimal attack strategies are described. The chapter also describes stealth attack constructions that simultaneously minimize the amount of information obtained by the network operator and the probability of attack detection.