Tuesday, 7th April 2020

100,000 data breaches and counting

Although GDPR has produced a massive shift in personal data protection, European countries are faced with the increasing number of data breaches. According to data gathered by PreciseSecurity.com, the Netherlands, Germany, and the UK topped the European rank for the number of data breaches, with more than 100,000 reported cases in total so far.

Netherland Has the Highest Number of GDPR Data Breaches


The EU's General Data Protection Regulation or GDPR came into force on 25 May 2018. Since then, the total number of reported data breaches jumped to more than 160,000, revealed the DLA Piper GDPR Data Breach Survey 2020.

This rising trend shows that hackers see personal information as highly valued data to compromise. However, it also indicates many organizations are still struggling to comply with data privacy legislation, despite the prospect of substantial fines.

The Netherlands reported the highest number of data breaches since GDPR came into force, 40,647, so far. Germany ranked second with 37,636, followed by the United Kingdom with 22,181 data breaches.

The Netherlands also has the highest number of GDPR data breaches per 100,000 people. From May 2018 till January 2020, this figure reached 147.20 violations. Ireland ranked second with 132.52 data breaches per 100,000 of its inhabitants. With 115.43 breaches per 100,000 people, Denmark took third place on this list.

Top 10 GDPR Breaches Caused nearly €450 Million Worth Fines

The rising number of data breaches also increased the total value of the GDPR fines imposed on European organizations and companies. The 2020 data show that the ten largest GDPR breaches caused nearly €450 million worth penalties so far. Compared to PreciseSecurity.com data from November 2019, the amount of ten biggest GDPR fines increased for €48 million in just three months.

Analyzed by countries, $314.9 million or nearly 70% of that amount was imposed by the UK's Information Commissioner's Office. In July 2019, British Airways was fined a record €204.6 million for a data breach, which is still the highest data breach penalty in the world. The ICO fined the British airline after the Magecart group used card skimming to collect the personal and payment information of up to half a million their customers.

The second highest data breach penalty of €110.4 million relates to a cyber incident notified to the ICO by American multinational company Marriott International, in November 2018. The event caused exposure of approximately 339 million guest records, of which 30 million connected to residents of 31 European countries and another 7 million to UK citizens.

Google's €50 million worth fine imposed by France's data protection regulator, CNIL, ranked third on this list. The fine was issued because Google failed to provide enough information to users about its data consent policies.

The fourth-largest GDPR data breach penalty of €27.8 million was imposed on Italian telecommunications operator TIM SpA in January 2020. The Italian Data Protection Authority, Garante received complaints that the telecommunications company placed promotional phone calls without consent and punished it for violations of the General Data Protection Regulation.

Venafi has published the results of a survey of 485 IT security professionals attending RSA Conferen...
Nutanix has published the healthcare industry findings of its second annual Enterprise Cloud Index R...
New location tracking capabilities mitigate risks of company data being unwillingly exposed; lowers...
FireMon has released its 2020 State of Hybrid Cloud Security Report, the annual benchmark of the clo...
Two 4SECURail teams aim to design a Computer Security Incident Response Team (CSIRT) for joint EU-Ra...
Security operations teams face challenges in understanding how their security tools work leading to...
Huntsman Security’s “Essential 8 Scorecard” wins “Best compliance product” and “Best SME security pr...
Global aerospace and defence supply chain specialist Pattonair has reinforced its data credentials a...