With respect to the Heartbleed incident, the press release from the CRA was that those whose numbers had been identified would be notified by mail. I believe they will do that.
In more general terms, the answer is no. From data that we've compiled over the years by penetrating black markets and also by compiling statistics of infection and so forth, we believe that for every victim of identify fraud, for every account emptied, there are probably 10 times as many that have been compromised. Fraud prevention measures of the banks are preventing cybercriminals from emptying more accounts but the criminals have a reserve of 10 times more accounts than they need, with a capacity to empty them out right now. There are many more victims of identify theft than there are of fraud. They just haven't been defrauded yet.