CEU releases ‘largest-ever study of European data privacy breaches

Findings from a report released by Central European University's Center for Media, Data and Society (CMDS) indicate that the personal data of millions of Europeans have been compromised with 89 percent of the breaches the fault of corporations, rather than governments or other kinds of organizations. 24 percent of the Europe-specific breaches were the result of breach attacks launched from the UK, and for every 100 people living in the UK, 200 personal records have been compromised.

  • 10 years ago Posted in

“This is the largest investigation of privacy breaches in Europe ever undertaken,” said Philip Howard, CEU Professor of Global Media and Communication and director of CMDS. “We looked 350 incidents over a 10-year period, with a very focused look at the 229 incidents that directly involved the privacy of people living in Europe.”
The total population of the countries covered in this study is 524 million, and the total population of internet users in these countries is 409 million. Expressed in ratios, this means that for every 100 people in the study countries, 43 personal records have been compromised. For every 100 internet users in the study countries, 56 records have been compromised.


Howard oversaw a team of multilingual 12 students at the CEU School of Public Policy (SPP) who reviewed news stories by citizen and professional journalists describing privacy breaches around Europe. Six months of research and refining brought the total down to 229 well-verified cases representing almost every country in the EU, plus Norway and Switzerland. Germany, Greece, Netherlands, and Norway are all countries with unusually high levels of privacy breaches.


One of the team's main findings is that the loss of private information seems to involve organizational insiders – the people who work for the organization – more than malicious hackers. According to Howard, 57 percent of the incidents involved organizational errors, insider abuse, or other internal mismanagement (2 percent unspecified).


“In the news we hear a lot of news stories about hackers who break into systems and steal our personal information.” Howard said. “But that was the minority of incidents – far and away, most of the cases organizational errors, insider abuse, or other internal mismanagement.


Howard said the next move for public policy is mandatory reporting. “When personal records are compromised, both companies and government offices should be required to report the possible privacy breaches both to the victims and a privacy commissioner. Most people don’t know who has legitimate access to their personal records, and they deserve to know when those records have been compromised.

TMF Group, a leading provider of critical administrative services for global businesses, turned to...
Strengthening its cloud credentials as part of its mission to champion the broader UK tech sector...
Nearly all UK IT managers surveyed (98%) state cloud investment is an organisational priority for...
LetsGetChecked is a global healthcare solutions company that provides the tools to manage health...
Node4 to the rescue.
Commvault provides cloud-first organisations with greater choice and flexibility to protect and...
On the morning of September 20, Executive Director of the Board of Huawei and CEO of Huawei Cloud...
Global IT Business-to-Business (B2B) revenues, coming from data centers, IT services and devices,...