59K DATA BREACHES REPORTED SINCE MAY 25 2018

RETURN TO MAIN BLOG


59,330 data breach notifications have been reported to Data Protection Authorities (DPAs) across Europe by both public and privately-owned organizations since EU’s GDPR was passed on May 25, 2018.

The Netherlands, Germany and the UK lead the rankings with roughly 15,400, 12,600, and 10,600 reported breaches respectively, as detailed in a report published by the DLA Piper global law firm, while companies from Liechtenstein, Iceland, and Cyprus reported 5, 25 and 35 breaches respectively.

While a European Commission Statement issued on January 25 stated that companies reported 41,502 data breaches since the GDPR enactment, these results were “based only on the voluntary contributions of 21 (out of 28 EU Member States) data protection regulators” says DLA Piper.

Based on the law firm’s “research covering 23 of the 28 EU Member States, together with figures for Norway, Iceland and Lichtenstein (the three additional European Economic Area Member States), we calculate that there have been 59,430 reported data breaches over the same period across Europe.”

The DLA Piper report says that DPAs all over EU were quite busy with fines towards SME’s:

  • a €20,000 fine was imposed on a company for failing to hash employee passwords, resulting in a security breach.
  • a €80,000 fine in January 2019 for publishing health data on the internet
  • a €4,800 fine issued in Austria for the operation of an unlawful CCTV system which was deemed excessive for its partial surveillance of a public sidewalk.
  • Cyprus also reported four fines, with a total value of €11,500
  • Malta reported a total of 17 fines, a surprisingly large number given the relatively small size of the country.

Disclosed breakdown by EU Country totaling 59,330 data breaches:

  • Netherlands: 15,400 recorded personal data breaches 25.96%
  • Germany: 12,600 recorded personal data breaches 21.24%
  • UK: 10,600 recorded personal data breaches 17.87%
  • Ireland: 3,800 recorded personal data breaches 6.40%
  • Denmark: 3,100 recorded personal data breaches 5.23%
  • Sweden: 2,500 recorded personal data breaches 4.21%
  • Finland: 2,500 recorded personal data breaches 4.21%
  • Poland: 2,200 recorded personal data breaches 3.71%
  • France: 1,300 recorded personal data breaches 2.19%
  • Norway: 820 recorded personal data breaches 1.38%
  • Slovenia: 740 recorded personal data breaches 1.25%
  • Spain: 670 recorded personal data breaches 1.13%
  • Italy: 610 recorded personal data breaches 1.03%
  • Austria: 580 recorded personal data breaches 0.98%
  • Belgium: 420 recorded personal data breaches 0.71%
  • Czech Republic: 290 recorded personal data breaches 0.49%
  • Hungary: 270 recorded personal data breaches 0.46%
  • Romania: 260 recorded personal data breaches 0.44%
  • Luxembourg: 200 recorded personal data breaches 0.34%
  • Portugal: 170 recorded personal data breaches 0.29%
  • Malta: 100 recorded personal data breaches 0.17%
  • Greece: 70 recorded personal data breaches 0.12%
  • Latvia: 55 recorded personal data breaches 0.09%
  • Cyprus: 35 recorded personal data breaches 0.06%
  • Iceland: 25 recorded personal data breaches 0.04%
  • Liechtenstein: 15 recorded personal data breaches 0.03%
BLEEPING COMPUTER | Sergiu Gatlan