"The majority of victims, well over 90% of the victims we have responded to, really don't disclose that these attacks occur" for fear of losing customer trust, Mandia said.
"The folks that perpetrated this intrusion have done it to hundreds of other organizations and usually they are very successful," Mandia said. "What's really unique here is the fact that the victim organization, The New York Times, has decided to share this information with the public, so people can be more aware of the problem -- because it's a very pervasive problem."
Marc Frons, chief information officer of The Times, told CNN that the newspaper believed it had prevented this attack from revealing confidential sources.
In the case of the investigation into Wen's family's finances, much of the information came from public records.
But Frons said The Times isn't letting its guard down after expelling the hackers.
"I think we're over this phase of the attack and obviously the types of things they tried to do previously they'll have a more difficult time doing, but this isn't over," he said. "As long as there are computers and networks we're going to be faced with cyber espionage threats."