Hacktivists stole more data from large corporations than cybercriminals in 2011, according to a study of significant security incidents.
The annual analysis of data breaches by Verizon uncovered a huge rise in politically motivated attacks.
Verizon found that 58% of all the data stolen during breaches in 2011 was purloined by these groups.
Hacktivists were hard to defend against, it said, as their attack strategies were much harder to predict.
The Verizon report catalogued 855 incidents around the world in which 174 million records were stolen.
"Hacktivism has been around for a some time but it's mainly been website defacements," said Wade Baker, director of research and intelligence at Verizon. "In 2011 it was more about going to steal a bunch of information from a company."
The hacktivist attacks were spearheaded by the Anonymous hacker group and its tech-savvy offshoots Antisec and Lulzsec. These activists scored a significant number of successes by knocking out websites and stealing large amounts of data from private companies and government agencies.
"Data theft became a mechanism for political protest," said Mr Baker. He added that it was hard to develop specific defences against these attacks because they used tactics and techniques crafted for each occasion.
He said the attacks by hacktivists were not very common but often netted huge amounts of data when they did penetrate defences.
In contrast to that stolen by hacktivists, about 35% of data pilfered from large companies was taken by organised criminal groups which wanted to sell it or use it to commit another crime.
Mr Baker said cybercriminals continued to be a huge threat to large companies, and constantly battered their internet defences looking for weaknesses. These attacks, he said, tended to be opportunistic and capitalised on any loopholes and vulnerabilities they found.
While few firms were going out of business or suffering lasting damage because of a data breach, he said, companies still had work to do to ensure they knew they were safe.
"The ability to detect a breach is quite poor across the board," said Mr Baker.