Nothing will change
As there is no meaningful consequence to losing personal information, this will continue to happen and the victim will continue to get absolutely no help whatsoever.
Except for the pointless credit monitoring, which just tells them how fucked they are.
So you have credit monitoring, someone uses your information to open a credit account and it dings on your monitored credit report 2 months later.
What fast, simple and painless method does the victim have to have that account closed and removed from their credit?
What consequence that actually compensates the victims and punishes the lax security does the company that allowed the breach suffer?
If a victim gets a mortgage, and their interest rate is increased 2% because their credit is now shit, who do they contact to receive monthly payments for up to 30 years to refund the difference between the rate they got and the rate they would have received?
Funny how none of this is even a consideration. No, you get credit monitoring. Woo-fucking-hoo.