A security breach, even when tens of millions have been exposed to possible exploitation, seems to not move the shock meter a single click any more. The known damage and the potential damage is treated as a mere notification. We have been numbed of our senses.
Canadians think highly of their banks, so I am not expecting front page headlines giving Scotiabank the WTF treatment or a run on the bank by its business clients and private account holders. The corporate suits are counting on this and they will spew out the usual PR to cover it. This complacency, if not checked now, will end in a world of hurt for the bank's customers. If the leaked data has been collected, it will be appraised and sold to miscreants, i.e. organised crime and rogue states. The grim reality is that the bank will probably escape with a small fine by the regulators. They can also keep lawsuits in the courts for decades. They accept responsibility for causing the leak, but they are never held absolutely accountable.