Data protection is as data protection is enforced
Don't expect the ICO to take a tough line on this kind of breach, however incredulous. Even data protection legal experts such as Stewart Room from legal firm Rowe Choen have called the ICO's implementation of current data protection laws "weak, impotent and chaotic". Even in response to this massive breach of the DPA1998, rather than taking a due dilligence approach, we see the ICO has given a muted "see if anyone grumbles - if not, do nothing" enforcement approach.
The ICO's softly softly approach has never really worked, and the UK has built an unrivalled reputation in Europe for its leniency on data protection issues. Of course, the ICO is very busy, but I have a nagging feeling that their leniency with those flouting the law plays a role in dictating their workload.