Notifying users in the event of a data breach is required by law in most of the United States. Failing to follow these laws can result in expensive lawsuits. In addition, keeping a breach hidden could result in even more outrage from users and the press. Instead, promptly and thoroughly notify your users to help them prevent identity theft and other harms and to start to repair your relationship with them.
PLAN AHEAD
If you suffer a breach, maintaining your customers’ good will requires that you do everything in your power to protect them from further harm. Contact law enforcement officials, banks, credit payment processors, and credit agencies to try to head off fraud and other harm. Taking steps such as offering free credit monitoring to any user whose data was exposed can mitigate the damage both to your users and to your reputation. By being forthright about the problem and offering clear guidance and assistance to your users about how they can protect and monitor their own privacy, you will reassure them that you take your business responsibilities—and their privacy—seriously.
Businesses fail to offer mitigation services such as credit monitoring 29% of the time in cases where it would be helpful. - California Attorney General's 2014 Data Breach Report