This is why [U]all[/U] bulk data collection is a serious security risk.
No matter who is doing the collecting, it is only a matter of time before an unintended third party gets their hands on it.
Government ordered collection & retention of browsing histories may seen harmless to the [I]‘If you’ve done nothing wrong you’ve nothing to hide[/I]’ brigade. (Although by their own logic, their refusal to discuss their own activities & policies suggests they have an awful lot to hide. )
But you can bet foreign agencies are trying their hardest to hack these databases. Why? No need to use a traditional honey trap to blackmail a foreign official any more, just print off a copy of their browsing history.