What do we do? Well, so far the federal government is offering free identity-theft protection to its employees, but that response is like putting a Band-Aid on a severed limb — so pathetic it’s not even cosmetic. This isn’t like a broken code, where we can just change things around and be almost as good as new. Once out, this information will remain current for years, and there’s no easy or effective way of doing much about that.
But we can learn our lesson, at least. The United States is highly vulnerable to cyberwar, and not very good about defending against it, especially in the lame-and-inept government IT sector, which has not distinguished itself in terms of competence. (Remember HealthCare.gov?)
For the federal government, one lesson is that really important stuff shouldn’t be put online at all. Paper documents have their problems, but at least they can’t be hacked and stolen en masse.
For the rest of us, the lesson is that we should probably think twice before entrusting the federal government with our own information.