Fewer Hacked Records Does Not Mean Better Security

snydeq writes "The total number of compromised records has dropped substantially over the past couple of years, but not because organizations have come up with a superior recipe for defending their networks, InfoWorld reports. Instead, attackers are continually employing more focused forms of attack, looking for company intellectual property and financial data. Moreover, the low hack rate is also indicative of increasing ambition on the part of criminals. 'Today's APT (advanced persistent threat) attacks are aimed at taking over entire companies. At that level, individual data records just aren't that interesting.'"

Not sure about fewer records

[afidel]

I think the PSN and Epsilon hacks from this quarter are about as big as anything I can remember (including the TJX hack) as far as number of users affected. The PSN one is huge because they didn't just get account names and CC numbers but also answers to challenge questions, data of birth, address, and unhashed passwords (wtf?), basically everything except SSN that you'd need to complete identity theft.