Granted, they’ve listed a fairly prominent Security Notice on their home page, but it seems a little irresponsible to not email their clients, or automatically force a password change for these accounts. I suspect most institutions would do that by default in the event of a compromise.
Last time Monster.com was breached (in 2007), they supposedly snail mailed millions of users warning them, worried that users wouldn’t trust email as a result of the breach. Perhaps they’ll snail mail again?
Posted by d2d.