If the information disclosed can potentially result into an identity theft case, you should notify your customer.
I would not classify the accident as a security breach. It was a simple mistake and not an illegal and intentional action.
However, it is still a security/privacy violation. Therefore, the customer should be notified and the account monitored regularly for suspicious activities.
Christian Malatesti, CISSP, PCI QSA
Enterprise Risk Management, Inc.