A company takes the low road, and instead of securing the data properly merely offers credit monitoring.
Here's an idea to end this :
1] Require, by law, not just monitoring but the full cost of credit repair and restoration be borne, primarily by the executives of the breached company.
2] Fine the company 10x that cost, with all money to be directly distributed (NO LAWYERS!) to the victims of the breach.