WASHINGTON (Reuters) - Public companies that are victims of cyber attacks should consider disclosing additional information beyond what's required to help protect customers whose private data could be at risk, a top U.S. regulator said Tuesday.