Problem is data theft doesn't meet the criteria of identify theft. You can't change your SSN until you have proof of identity theft, not a data breach.
I'm typically not particularly paranoid, but if a state actor wanted to destabilize the US economy, increasing the rate of fraud via identity theft sounds like a great way to do it. Crank it up just enough to hurt the economy, but not quite enough to break the identity status quo....
The leak of this data basically enables a denial of service attack against parts of the economy dependent on personal identity.
I know this is somewhat off point, but there's a https://en.wikipedia.org/wiki/Fallacy_of_division happening here when considering risk - individually, my chance of impact is low (I think?), but as a society, the risk of impact is very high.
I think that makes it worth replacing everyone's SSN, at a minimum.
The leak of this data basically enables a denial of service attack against parts of the economy dependent on personal identity.
I know this is somewhat off point, but there's a https://en.wikipedia.org/wiki/Fallacy_of_division happening here when considering risk - individually, my chance of impact is low (I think?), but as a society, the risk of impact is very high.
I think that makes it worth replacing everyone's SSN, at a minimum.