Hostinger – Study of cyberattacks and GDPR fines

USA in 1st place in both analyses, Germany follows in 2nd place for attacks

[datensicherheit.de, 03/14/2025] US companies and institutions are the most frequent victims of cyber security attacks worldwide, followed by Germany and the UK. This is the result of the latest analysis by international web hosting provider Hostinger, which has evaluated the reported cyber security incidents and GDPR breaches since 2008. The offenses are diverse, ranging from the disclosure of sensitive data and spying on employees to accessing surveillance cameras in bedrooms. US companies are also in first place when it comes to fines imposed for GDPR violations in the EU. Germany, on the other hand, is only in 10th place in the fines ranking. Facebook had to pay the highest fine in the settlement.

In the spotlight: Rheinmetall, Lufthansa and US companies

According to the latest analysis, 7,422 cyber security attacks have been registered worldwide since 2008 – including data breaches, cyber attacks and other security incidents. The USA leads the ranking with 3,024 reported incidents. Germany follows in second place with 912 incidents, while the United Kingdom is in third place with 276 reports.

The American companies Microsoft, OpenAI and AT&T reported the most cyber attacks. The most popular target in Germany is Rheinmetall. The arms manufacturer and automotive supplier was threatened by malware infections and DDoS attacks, among other things, and had to shut down some of its IT systems. The German airline Lufthansa was also a frequent victim of hacker attacks. Some of the attacks led to delays and flight cancellations or exposed Miles & More customer data and boarding passes.

Cyber security attacks: Microsoft is attacked most frequently

With a total of 4,852 attacks, it is primarily private companies such as Spotify, Shell, Telekom and Volkswagen that are affected. However, public institutions such as the German police, municipalities, town halls and universities also had to contend with cyber attacks. The number one victim, with 20 reported cyber security attacks, is Microsoft. This includes, for example, a leak of over 2000 employee files. Sam Altman’s company OpenAI, whose most prominent product is probably ChatGPT, is in second place with ten cyberattacks. Eight attacks went to the US telecommunications group AT&T, which is in third place.

In general, the type of data captured from the ranking of cyber security attacks is diverse and sometimes bizarre. For example, a five-year-old pupil takes printouts with patient data to school as drawing paper. Some of the attacks are also worrying. For example, a hacker offers data from over 48 million users of the Shanghai COVID-19 app for sale. North Korean cyber criminals are attacking Russian missile manufacturers and another hacker group is coordinating DDoS attacks against websites of the German Armed Forces (Bundeswehr).

US companies record the highest volume of fines – Germany in 10th place

The total number of fines for GDPR violations in the EU since 2008 amounts to more than 14 billion euros and relates to 3,900 offenses. The EU has imposed particularly high fines on US companies. They had to pay a total of 6.66 billion euros for breaches of the rules. One of the main culprits is likely to be Mark Zuckerberg, whose company Facebook was fined 4.53 billion euros in 2019 alone. Ireland is in second place with a fine of 3.91 billion. Seven of the fines, the highest at 1.2 billion, went to Zuckerberg’s Irish subsidiary Meta Platforms Ireland Limited. China is in third place with fines totaling 1.16 billion euros. Germany is in tenth place with a total fine volume of 63.79 million euros and had to pay an average fine of 132,347 euros for 482 violations. In comparison: Americans pay an average of over 208 million euros.

About the study

Hostinger has collected and analyzed 7,422 security incidents and 3,900 fines levied since 2008 via a German GDPR portal.

Further information on the topic:

CMS Hasche Sigle Partnerschaft von Rechtsanwälten und Steuerberatern mbB
GDPR Enforcement Tracker

Hostinger
Die komplette Untersuchung mit detaillierten Angaben (Complete study with details in German)

datensicherheit.de, 24.01.2025
Laut Studie von DLA Piper wurden 2024 europaweit 1,2 Milliarden Euro DSGVO-Bußgelder verhängt