The re-emergence of the hacktivist movement appears to have thrown a spanner in the works for those in the InfoSec industry charged with data breach trend analysis.
There has been a series of massive data breaches over the last 16 months - each of which compromised more than a million identities.
During the same time, much smaller incidents occurred in which only a handful of records were stolen.
CQR Consulting chief technology officer Phil Kernick said in July that the Anonymous hacking collective “tend[ed] to find the vulnerable sites first, and justify their actions afterwards”.
The August Symantec Intelligence Report reflected the skewed results in a comparison of the first eight months of this year against the last eight months of 2011, covering what the company said was the revival of the hacktivist AntiSec (anti-security) campaign.
The median number of identities stolen in data breaches had risen some 41 percent since last year from 4000 per breach to 6800.
“The top five breaches in our 2011 data set all registered in the tens of millions of identities. In 2012, only one breach registered above 10 million,” report author Paul Wood said.
“The reasons for this drastic drop in average number identities stolen point to the fact that, while the overall number of attacks were about the same, the number of records stolen in the biggest attacks in 2011 was much larger.”
However, the report also found the average number of identities stolen fell from 1,311,629 per breach to 640,169 this year.
“While the overall average number of identities stolen is down, the core number of identities stolen - when accounting for variance - is increasing over time,” Wood said.
But the wild variance in breached records which skewed results made it difficult to identify trends, he said.
The study found that while attacks decreased, the number of breaches plateaued. There were on average 16.5 breaches per month in 2011 compared to 14 this year.
Wood speculated that the drop in the size of breaches could indicate enterprises had shored-up information security following the large breaches of last year, or that hackers were targeting smaller organisations that hold more sensitive data.
Retail businesses suffered the highest number of identities (40 percent) extracted per breach this year, ahead of telecommunications (15 percent) and computer software (13 percent).
However the health care sector endured the most breaches, (34.1 percent) followed by computer software (14.3 percent) and education (11 percent).
The report has been posted online (pdf).