Loss measurement for personal information breach incidents can be used as a basis for decision making for information security investments. In this vein, reasonable loss measurement is important in determining information security policies. However, the previous research is focused on estimating the amount of loss which is incurred after incidents. In order to be base data for decision making, loss measurement should include incident-causing-factors before incidents occur. In this paper, we propose a loss measurement model based on an improved FAIR (Factor Analysis of Information Risk) risk analysis methodology. Additionally, we verify the effectiveness of the proposed model by applying it to a large scale personal information leakage case.