The action should be obvious - revoke all trust in the company that issued the certificates.
If they face financial meltdown due to this, and others see the consequences, maybe the future will be a little better. But saying so, it really points to a fundamentally broken system, and the certificate pinning that some browsers support is not enough of a "standard" to deal with it.