This is just speculation, but I believe a lot of these new warnings are the result of California's new law forcing disclosure of these events. I'd venture that it was probably happening before, but they just kept quiet about it. And if someone doesn't conduct business in California, you still won't know until it's too late.
On the other hand, some of these may be cases where the *potential* exists that someone accessed your data, but really didn't, but the company is covering it's ass.
Some of these attacks could be mitigated if these companies encrypted their backups before they go off-site (which they should already be doing anyway).