What if your eCommerce site is breached by hackers?
First, you have to assume that they have taken copies of all files on the server. Of greatest importance are those files containing customers' stored credit cards.
Perhaps it's your civic duty to alert all the customers, via email, that the server has been compromised and their stored information may now be public. Most people will use this notification to heighten their awareness of credit-card purchases, to ensure that someone else isn't fraudulently using their card number. (Some, upon realizing that their addresses may be public knowledge, may fear for their personal safety!)
I think it's imperative, though, that you delete all stored credit cards from the server immediately. The next time a customer places an order, they receive a message telling them of the deletion — and why. At this point the customer must re-enter the credit-card number. Whether he chooses to keep it stored in your database is his choice.
It might be really smart to post a news release on your web site, documenting the break-in, when you detected it, how you think it happened, and what you've done to prevent it from happening again. Also, what steps you're taking to prevent future break-ins of a similar type.
To all web-page developers: If you're going to have a country pop-up list, put the US at the top, then the European countries, then the rest of the world.
Yeah, there might have been a couple hundred web surfers in Afghanistan — and maybe there are still one or two — but by far the vast majority of surfers and buyers live in the USA.