CEU releases ‘largest-ever study of European data privacy breaches

Findings from a report released by Central European University's Center for Media, Data and Society (CMDS) indicate that the personal data of millions of Europeans have been compromised with 89 percent of the breaches the fault of corporations, rather than governments or other kinds of organizations. 24 percent of the Europe-specific breaches were the result of breach attacks launched from the UK, and for every 100 people living in the UK, 200 personal records have been compromised.

  • 10 years ago Posted in

“This is the largest investigation of privacy breaches in Europe ever undertaken,” said Philip Howard, CEU Professor of Global Media and Communication and director of CMDS. “We looked 350 incidents over a 10-year period, with a very focused look at the 229 incidents that directly involved the privacy of people living in Europe.”
The total population of the countries covered in this study is 524 million, and the total population of internet users in these countries is 409 million. Expressed in ratios, this means that for every 100 people in the study countries, 43 personal records have been compromised. For every 100 internet users in the study countries, 56 records have been compromised.


Howard oversaw a team of multilingual 12 students at the CEU School of Public Policy (SPP) who reviewed news stories by citizen and professional journalists describing privacy breaches around Europe. Six months of research and refining brought the total down to 229 well-verified cases representing almost every country in the EU, plus Norway and Switzerland. Germany, Greece, Netherlands, and Norway are all countries with unusually high levels of privacy breaches.


One of the team's main findings is that the loss of private information seems to involve organizational insiders – the people who work for the organization – more than malicious hackers. According to Howard, 57 percent of the incidents involved organizational errors, insider abuse, or other internal mismanagement (2 percent unspecified).


“In the news we hear a lot of news stories about hackers who break into systems and steal our personal information.” Howard said. “But that was the minority of incidents – far and away, most of the cases organizational errors, insider abuse, or other internal mismanagement.


Howard said the next move for public policy is mandatory reporting. “When personal records are compromised, both companies and government offices should be required to report the possible privacy breaches both to the victims and a privacy commissioner. Most people don’t know who has legitimate access to their personal records, and they deserve to know when those records have been compromised.

New state-of-the-art data centre features Vultr’s first AMD GPU supercompute cluster.
Only a quarter (25%) think their approach to the cloud is carefully considered and successful.
Moving to AWS Cloud will enable The Co-operative Bank to adopt cutting edge IT Infrastructure.
The global airline group will upgrade the value of its data and get its AI & generative AI ready...
Barracuda Networks’s award-winning Email Protection and Cloud Backup security solutions will be...
Leading company in renewables to leverage HPE’s unique turnkey AI infrastructure solution to...
The four-year project extension focuses on cloud transformation and enhanced operational efficiency...
Businesses in the UK are risking slower development as they fail to fully embrace technologies that...