What bothers me most in all this is now that they've allowed identity info to be compromised you have to monitor basically for the rest of your life-
Item #2 on what Congress could do if they want to be popular: re-think the Social Security #. A plain text # that can't change for life is ancient technology that provides a soft target for criminals, and makes life miserable for marks. All we can do is put a credit lock on the # which hurts ourselves more than any one bad guy.
I'm think if we throw some modern technology at it, it becomes more of a fair fight. I'm thinking of a system where if a potential landlord or loan agent wants to check my credit, I use my Credit Agency X App and request a one-time # that's like a single-use credit card #. It's not the actual Social Security #, but a temporary digital ID linked to my SS#. On this app I then send it to the landlord/agent using their public key in a PKI system. As soon as they use it, that # becomes invalid. If they don't use it, it times out within X days. When someone uses it, I'm notified of who used it and why. Rather than that information being the property of one of a handful of private companies who then try to sell that information back to me.
Social Security #'s need to be under the owner's complete control by design, rather than passed around willy-nilly among myriad private companies.