by heywot 2851 days ago
I still think making customers aware would go a long way. And we only have to go back to the Equifax breach to learn that companies are hardly forthcoming about who is and isn't compromised.
2 comments

If only there was some law... Some kind of General Data Protection Regulation
Your average customer wouldn't care unfortunately. No action to mitigate can be taken by the user, no business repercussions for the data loss.
I get your conclusion but that doesn't excuse T-Mobile from notifying customers that their data has potentially been breached. I would much rather be aware that there is a distinct possibility my cell carrier's data on me because I can take some small actions to mitigate any potential damage (change password, update pin, etc). Being aware is half the battle with online security.

I'm not sure that the lack of repercussions is a reasonable excuse. I know companies will use it. I know we might throw our hands in the air and just say it's a fact of life. But it doesn't have to be.

Legislation is the only solution.