Individuals should not have the responsibility to report digital security failures. As an individual who finds it fun to backdoor into websites due to their own failure helps me learn what not to do in the future. However an organization or company should definitely report these security flaws because it could be horrible for the customer or person affiliated with the organization.
As a consumer we should have the right to know if any of our private information has been accessed. However, if this information is already public through social media your private information may already be public. If your information has been accessed due to a security flaw and the organization knows about it, then it should be noted that your information may be compromised.
My opinion about shopping online does not change at all. There will always be vulnerabilities in which people will be able to get your information. I would not change my opinion because even if my information were able to be taken off the internet, if i was truly worried I would just get a reloadable creditcard and falsify my name but keep the address i would want it to ship to.
Heartbleed Server Scanner by Rehmann http://rehmann.co/projects/heartbeat