If that ever becomes standard, every actually relevant notification would be lost in the noise. Multiple local privilege escalation vulnerabilities are discovered yearly in both Linux and Windows (along with many other OSes and userland applications). Do you really want that every single company releases notifications that roughly every single of their systems were vulnerable since the day they were created until date X each time that happens? After all, there is no way to prove no one abused that before their systems were patched (including the period between system creation and vulnerability being publicly released).
It is much more likely in my opinion that people would become desensitized to data breaches and stop taking any of them seriously. Equifax or Cambridge Analytica would have been just another in a deluge of notifications.
