"Datrix told its customers in a fresh email alerting them to the incident. Company reps also phoned all of those who had been emailed by the phishers to ensure the warning got through, Wirszycz told us."
This is how a breach should be dealt with. Yes, you shouldn't click on links in e-mails, but it will occasionally happen. The point is, when it does, to be ready and swing into action immediately. Afterwards, you need to assess the damage quickly, alert everyone compromised, and be up-front about what happened. The extra phone call is just another layer of security.
Most other companies could learn from this response.
Biting the hand that feeds IT
