"A lot of people these days accept the fact that their data online is not safe and will be subjected to theft at some point."
I don't know about that, if we're talking about credit card details then I don't think many people have resigned to the fact that they will be stolen at some point. Breaches like this should be independently investigated and if there was failings by the organisation, whether it is in staff training (allowing a random engineer to 'fix' their card payment terminal) or not holding data security, they should be hit with a significant fine. It may be argued that this will make companies fail to report a breach, however just make reporting mandatory and have an even larger fine with sanctions if they fail to report.
How does a credit monitoring service help in these circumstances, I though that just affect identity fraud and opening up accounts in your name, not payment card fraud?