CNIL: first report on the personal data breach

Homepage | News

Key figures and data breach

Four months after the entry into force of the GDPR, on October 16, 2018, the CNIL published its first quantified report on the violations of personal data.

What is the result of these first months?

The CNIL has confirmed the reception of 742 notifications of breach (between May 25 and October 1rst) that would concern the data of 33,727,384 people located in France or elsewhere.

These breaches concern:

  •  Confidentiality (695 notifications)
  •  Availability (71 notifications)
  • Integrity (50 notifications)

Which sectors come mainly from the notifications?

The CNIL found that the majority of notifications come from the hotel sector with 185 notifications of breaches. This high volume has its origin in a particular case: a service provider, providing its clients with booking tools, had a data breach.

What are the causes of these violations?

According to the report of the CNIL, the reasons of these violations of personal data were:

  • 421 come from hacking;
  • 62 come from data sent to the wrong recipients;
  • 47 result from lost or stolen equipment;
  • 43 are due to unintentional publications of information;
  •  99 others.