"only for the victims to potentially be defrauded 0.5/1/10/100 years later based on some of that data."
Yes, the usual sop is "one years free identity theft protection". Which is a cheap get-out and not actually protection as such. It's more of an early warning system that you identity has just been stolen. And as you state, that data is still out there, and much of it can't be changed. Two, three, four or more years down the line, when you "free identity theft protection" has lapsed, you lose everything and can't claim back on the people who incompetently lost your data three years in a row.
It's reaching the point (or has already reached the point) where some people are probably running multiple and consecutive "free identity theft protection" because they have been subject to so many data thefts.