I can’t imagine this can go on too much longer. However, I don’t see an entity willing to stop it.
I have experience with identity theft form beginning to end.
My wife’s ID was stolen under her maiden name 1 year after our marriage. She can prove that she was in labor with our first child at the exact time that some major transactions took place across the country. The creditors deduced that she must have loaned credit/phone calling cards to someone for the express purpose of fraud. NICE!
I have a friend that is retired who buys, for resale, abandoned storage lockers. He acquired through auction a storage space packed to the brim with fraudulent driver’s license, and credit card manufacturing supplies. He finally was forced to drive to a county facility to surrender the equipment as no local law enforcement agency was willing to feign interest.
I work in industry, and do my very best to insure that customer data is safe upon any machine that I administrate. When I see firms that somehow work the hemorrhaging of personal data into the cost of doing business I am reminded that no one seems to care. The lending agency writes it off as bad debt, the offending company is slapped on the wrist and law enforcement states lack of resources. Who in this twisted ecosystem is left unprotected?
YOU!

I would think that companies like ACS would keep Data information like a TOP SECRET FILE.

I work on the security staff for a national retailer and we are trying to avoid situations like this. Many of our users who might have access to personal or confidential data travel quite frequently and for that reason (and just because it’s a good thing to do) we encrypt the workstations/laptops and we’re working toward forcing the encryption of any data copied to removable devices (burning cd’s, usb devices, etc..). Just seems odd that this happened to the same company more than once, there CIO must have his head up his a$$.