To be clear: Blizzard (nor any other gaming company) is not required by law to notify anyone of anything.
Here's a little excerpt I wrote at the time:
Now, if something very bad were to happen, then yes - a large announcement would be made.Well, it just happened with Runes of Magic. =]
Here's a link to the news article.
Basically, a hacker obtained login/personal data from their account database and is now holding the information "hostage" until Frogster/RoM Team changes the "forum communication practices and technical aspects of Runes of Magic operation".
The only reason that the company is releasing this information NOW is because it's been made public and they're being "held hostage." The data breach actually occurred back in 2007 by the way. They sat on this data breach information for 4 years before telling anyone and probably would have continued to do so until the hostage situation was made public.
Still think this hasn't happened anywhere else? It's actually more common then you think, and I'm not just talking video games.