“Information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers.”
I personally feel that people’s ID should not be allowed to be kept in the cloud or online without the customer explicitly allowing it. Even under ideal case where the company or government accepts full accountability and responsibility, no amount of compensation or resolution can change the fact that the person’s ID is permanently stolen. There is no way to reverse the consequences of that once the horse has left the stable.