Just when you think the US Federal and Intelligence agencies were done being breached. This happens. The Defense Information Systems Administration (DISA) has suffered a compromise of epic proportions. Will the madness ever end? The apologies are even hitting rock bottom. Used to be they would cover credit monitoring. Not anymore. Then again, I'm covered with the 10 that I already have...
The letter does state that they will provide credit monitoring, with details to arrive under separate cover -- but you are correct that the mitigation burden is increasingly on the victim. It does seem as if there is now a de facto data-breach process that has a very low cost to the breached party.
If one wants to stop breaches, the cost of remediation needs to exceed the cost of protecting the data in the first place. Perhaps, legislating a check to each victim instead of just a letter.
I only see one way out of these: permanently keeping credit freezes.
Maybe returning to cash and barter 😉