Frederik Borgesius made me aware of this paper of note:
Data Breaches in Europe: Reported Breaches of Compromised Personal Records in Europe, 2005‐2014
Philip N. Howard
CMDS Working Paper 2014.1
Center for Media, Data and Society School of Public Policy
Central European University
From the Executive Summary, the major findings over the past decade:
- Some 229 data breach incidents involved the personal records of people in Europe. Globally, all these incidents resulted in the loss of some 645 million records, though not all of these breaches exclusively involved people in Europe. Within Europe, we confirmed 200 cases involving people in Europe, and 227 million records lost in Europe‐specific breaches.
- The total population of the countries covered in this study is 524 million, and the total population of internet users in these countries is 409 million. Expressed in ratios, this means that for every 100 people in the study countries, 43 personal records have been compromised. For every 100 internet users in the study countries, 56 records have been compromised.
- Fully 51 percent of all the breaches involved corporations and 89 percent of all the breached records were from compromised corporations. Among all the kinds of organizations from which personal records have been compromised, 41 percent of the incidents involved clear acts of theft by hackers, but 57 percent of the incidents involved organizational errors, insider abuse, or other internal mismanagement (2 percent unspecified).
- The level of sophistication and detail in journalism about issues of privacy and personal data has increased, but is largely driven by national “mandatory reporting” rules in particular countries. In other words, we know most about data leaks in countries where organizations are required to report that personal records have been compromised.
You can download the full report here (pdf)