I think you have to get some perspective about this - if we reported every time we actually got some kind of attack, we would be registering reports approximately every minute - we can see logs of (mostly very incompetent!) SQL injection feelers etc all the time. Sometimes even when an attack has some limited success you can just re-assemble a VM or something and change an account - cyber attacks sound exciting but are essentially mundane in the web development game.

Certainly though where data is compromised then it would be nice to think this might be put out into the open - nice to think if probably fairly unrealistic. Where I am now I believe this would be the case however I have worke at companies where such information is held down very tightly.