Why would reissuing passports help? The old passport is still valid and only the government is actually able to tell whether it's cancelled (as they have access to the passport DB), but for all other intents and purposes (identity verification for banks, etc) the other passport still appears perfectly valid.
Stolen and lost documents are logged in an international data base. I have lost my ID a few years ago. Every now and then I am being asked at borders whether I have found it or it was still lost.
Banks check during the KYC process whether the document ID is on this blacklist. If yes, authorities are contacted.
Hence, once compromised/lost, apply for a new one and tell them what happened with your old one.
In my experience IDs are checked very informally by most companies such as utilities, etc. GDPR access requests usually require a proof of identity and I very much doubt they are checked beyond the details on them matching the account so it can be yet another vector for stealing more data based on the passport. Banks are probably the only place where they may be checked against s lost/stolen DB but it won't prevent you getting your SIM & phone number taken over because someone impersonated you to your mobile carrier.
The individual, as usual. Even if there's some legal recourse the inconvenience and expense will be larger than the payoff. And there's no legal framework to just be compensated by default in such cases.
Why would you need to cancel and reissue any passports? At worst the hackers might have stolen some passport numbers and expiry dates. What exactly could they do with those that would warrant issuing an entirely new passport?
"Other than as referenced in the following paragraph, passport details and credit card details of these customers were not accessed"
The following paragraph says 2208 credit cards details were stolen.