From what I've seen, few data breaches are the result of exploiting holes in the database engine itself. The major RDMS are solid in terms of security; and SQL Server itself is probably the best from that perspective. The biggest problem for database administrators is that they don't have a solid server configuration, network infrastructure, or application developers covering their bases.

Installing SQL Server on Windows Core Edition can help, because it reduces the surface area for attack and prevents IT staff from doing risky stuff like installing 3rd party apps or web browsing on the server.