Personal data breaches from organisations, enabling mass identity fraud,
constitute an \emph{extreme risk}. This risk worsens daily as an ever-growing
amount of personal data is stored by organisations and on-line, and the attack
surface surrounding this data becomes larger and harder to secure. Further,
breached information is distributed and accumulates in the hands of cyber
criminals, thus driving a cumulative erosion of privacy. Statistical modeling
of breach data from 2000 through 2015 provides insights into this risk: A
current maximum breach size of about 200 million is detected, and is expected
to grow by fifty percent over the next five years. The breach sizes are found
to be well modeled by an \emph{extremely heavy tailed} truncated Pareto
distribution, with tail exponent parameter decreasing linearly from 0.57 in
2007 to 0.37 in 2015. With this current model, given a breach contains above
fifty thousand items, there is a ten percent probability of exceeding ten
million. A size effect is unearthed where both the frequency and severity of
breaches scale with organisation size like s0.6. Projections indicate that
the total amount of breached information is expected to double from two to four
billion items within the next five years, eclipsing the population of users of
the Internet. This massive and uncontrolled dissemination of personal
identities raises fundamental concerns about privacy.

Comment: 16 pages, 3 sets of figures, and 4 tables
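The abstract's headline figure (a ten percent chance that a breach of more than fifty thousand items exceeds ten million) follows directly from the truncated Pareto tail it describes, so it is worth reproducing. The block below is an added worked example, not code from the paper; it assumes the standard parameterisation of a Pareto tail truncated at an upper limit $u$, $S(x) = (x^{-\alpha} - u^{-\alpha})/(l^{-\alpha} - u^{-\alpha})$, takes the 200 million maximum quoted in the abstract as $u$, and assumes the tail exponent trend is linear between the two quoted endpoints (0.57 in 2007, 0.37 in 2015). The paper's own fit may use a different truncation scheme, so treat the numbers as a consistency check on the abstract, not as the authors' results. The untruncated Pareto is computed alongside to show how much the upper truncation matters.

```python
import math

# Figures quoted in the abstract (breach size measured in number of items).
LOWER_THRESHOLD = 50_000         # "given a breach contains more than fifty thousand items"
TARGET_SIZE = 10_000_000         # "probability that it exceeds ten million"
MAX_BREACH_SIZE = 200_000_000    # "current maximum breach size of about 200 million"


def tail_exponent(year: float) -> float:
    """Tail exponent alpha for a given year.

    The abstract gives 0.57 in 2007 and 0.37 in 2015 with a linear trend;
    evaluating outside 2007..2015 is an extrapolation (assumption).
    """
    return 0.57 - (0.57 - 0.37) * (year - 2007) / (2015 - 2007)


def truncated_pareto_survival(x: float, alpha: float, lower: float, upper: float) -> float:
    """P(X > x) for a Pareto tail with exponent alpha on the support [lower, upper].

    Assumed parameterisation: S(x) = (x^-a - u^-a) / (l^-a - u^-a).
    For x <= lower the survival is 1, for x >= upper it is 0.
    """
    if x <= lower:
        return 1.0
    if x >= upper:
        return 0.0
    return (x ** -alpha - upper ** -alpha) / (lower ** -alpha - upper ** -alpha)


def exceedance_given_threshold(target: float, threshold: float, alpha: float,
                               upper: float = MAX_BREACH_SIZE) -> float:
    """P(X > target | X > threshold) under the truncated Pareto.

    Because the Pareto tail is scale-free, conditioning on X > threshold is the
    same as a truncated Pareto whose lower bound is the threshold itself.
    """
    return truncated_pareto_survival(target, alpha, threshold, upper)


def exceedance_untruncated(target: float, threshold: float, alpha: float) -> float:
    """Same conditional probability without an upper truncation: (threshold/target)^alpha."""
    return (threshold / target) ** alpha


if __name__ == "__main__":
    for year in (2007, 2015):
        a = tail_exponent(year)
        p_trunc = exceedance_given_threshold(TARGET_SIZE, LOWER_THRESHOLD, a)
        p_plain = exceedance_untruncated(TARGET_SIZE, LOWER_THRESHOLD, a)
        print(f"{year}: alpha={a:.2f}  P(>10M | >50k) truncated={p_trunc:.3f}  "
              f"untruncated={p_plain:.3f}")
```

With the 2015 exponent the truncated model gives roughly 0.10, matching the abstract; dropping the 200 million cap pushes the same conditional probability to about 0.14, and the 2007 exponent gives about 0.04, which is the "extremely heavy tailed" worsening the abstract describes in one number.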