So...there was a 2 month delay putting who knows how many people a further risk. I'd they catch the criminal(s) responsible?
My first response is the consumers/customers should be told immediately so they can protect themselves by canceling credit cards, etc.
But we can't evaluate the risk/reward for the delay without more information. How often are the criminals caught? Does the delay increase the chances of them being caught?
My concern is retailers/credit card processors etc. stop informing the Feds of the breach and instead cover it up. If informing the Feds puts them even more at risk, businesses will choose cover ups.
Consumers loose...
Protecting people is more important than catching criminals, unless it puts an even larger number of people at risk.