Still, I would have thought it is good practice to notify your users if you leak their data to thieves. Quora did the right thing and should be applauded.
As a counterexample, it seems that Newegg had a massive breach (thieves installed JavaScript that skimmed credit card numbers for weeks) in August, and even though my credit card was likely stolen, I hever heard about it from Newegg.
I somehow got their email a week or so after the event, and after my card's fraud prevention called for suspicious activity, reverted the transactions and cancelled my card. The bank official was not aware of the leak.
As a counterexample, it seems that Newegg had a massive breach (thieves installed JavaScript that skimmed credit card numbers for weeks) in August, and even though my credit card was likely stolen, I hever heard about it from Newegg.