"A lot of data breaches occur in that size range," Ponemon said, "but they don't get big media pickup any more because it's become a ho-hum topic."
Another finding in the AG report was that the retail sector was a prime target for intruders, representing 26 percent of all the breaches covered in the report. "We always find retail a higher probability than other industries for a material data breach of 1,000 records or more," Ponemon said.
Health Care breaches ranked third in the AG's report, making up 15 percent of the breaches. "Medical records are very valuable on the black market right now because they're a treasure trove of information," Ponemon noted.
While there have been concerns raised by business about public reporting of data breaches, Neohapsis' Hazdra believes reports like the one from the California AG can have a positive influence on businesses.
"Knowing organizations are being impacted and what that impact is helps business leaders decide how to go forward with security and encryption and protecting customer data," Hazdra said.
The AG's report is a good first effort, said John M. Simpson, director of Consumer Watch's Privacy Project. "Any time you do something the first time, there may be some flukes in what happened," he said in an interview. "So it's hard to generalize who's the most sloppy with data from one report."
But he added: "This is an important step to shine a light like this on the problem, and it may prompt some better data management practices by companies when they see their names in reports like this."
Sign up for CIO Asia eNewsletters.