[$n!pR]

Originally Posted by japsander how would they know most go "unreported"? how many times have THEY not reported? the only reason they reported this time was the fact that 70+ million details is quite a large number to hide away and forget about

They aren't wrong. Most companies keep this kind of stuff internal, do a google search.

Although 49% of the companies that took part in a survey conducted by RSA Conference said that their primary security concern was data leakage, such as employee or customer information, and 29% of them were in fact confronted with the problem in 2007, only 11% actually reported the incidents. "Security professionals need to remain cognizant of the regulations that their organizations must comply with and ensure they are taking steps to properly report the security incidents that are required by law - whatever they may be." said Tim Mather, Chief Security Strategist, RSA Conference. With no reports from the organizations that were affected, it is more and more difficult for both security specialists and legal regulators to take the right measures to reduce online security incidents. Aside from data theft, companies showed that they are mostly worried about email-borne malware/phishing (41%), web-borne malware, insider threats/theft (both up to 36%), intellectual property theft (34%) and known software vulnerabilities (24%).

Here's one that's more recent.