In this paper we propose an actuarial framework and a statistical methodology allowing the quantification of Cyber claims resulting from data breaches events even when applied on few and heterogeneous data. Indeed, for now, just a few Cyber insurance claims occurred and in the same time some public databases gathered Cyber events. We propose to take advantage of the Privacy Right Clearinghouse database, paying attention firstly on the heterogeneity caused by the evolution of both the underlying Cyber risk and the data collection process through time, secondly on the extreme events and thirdly on the uncertainty on the exposure. We investigate the heterogeneity of the reported data breaches using regression trees customized with a splitting criterion based on Generalized Pareto likelihood in order to track different behaviors of the tail of the distribution. Combining this analysis with an assessment of the frequency of the claims and a cost formula for data breaches, we compute median and extreme quantile loss estimations of a virtual Cyber insurance portfolio.