Data breaches are always a concern, so that data on their diffusion and ensuing damages are always welcome. I've just read a recently published paper on the subject: "Towards a Model for Data Breaches: An Universal Problem for the Public". It reports a sample of the data on data breaches gathered by the Privacy Rights Clearinghouse, a nonprofit corporation, whose mission (ion their words) is to engage, educate and empower individuals to protect their privacy. While the analysis of data coming from this organization is rather new in the literature, on the overall I found the paper quite disappointing. First of all, Though the data from PRC stretch all over 2013, the authors of the paper limit themselves to a sample pertaining to the 2005-2010 (i.e., over 4 years old). In addition, though the title claims that they provide a model for data breaches, they actually limit themselves to classify the data breaches by industry and report the resulting time series, without trying to explain the not-so-monotonic behaviour. I hope the authors will be able to extract much more information from those data, in a way similar to the Verizon report on their data. My sketchnote summing up the paper can be downloaded here.
Holtfreter, Robert E., and Adrian Harrington. "Towards a Model for Data Breaches: An Universal Problem for the Public." International Journal of Public Information Systems 10.1 (2014).