I hate it, but the way I see it is that all my info is out there anyways. I'm hoping the large amount of personal info of everyone else will help mask it.
I see some similarities here with the ISIS "hit list" and DoD's role there.
The overwhelming majority of info and photos used by ISIS on their "hit list" were obtained through open source DoD press releases and social media. We, the rank and file, are told over and over to be careful with what we put online. We're told over and over to be careful about how we protect our personal information. In both cases, Big Gubbmint demonstrated that what's good for us, is not necessarily good for them.
I'm more than happy to follow good advice - I don't post selfies from yesterday's pre-flight walkaround. Why does C5F think it's ok to post the very same picture with my name, squadron, and hometown? I'm more than happy to follow any number of IA "best practices" - Why does USG/DOD think it's exempt?
The funniest/saddest part of the OP's letter is the part about being automatically enrolled in identity theft protection program. So let me get this right... You've demonstrated an inability to safegaurd my personal info (it wasn't even encrypted for F's sake), but now you're going to pass it off to a third, maybe even fourth, party for more "safe keeping". GFY.
It's going to get very interesting if this story gets much more traction in the mainstream media. Imagine your civilian best friend's reaction the next time you call him to see if you can list him on your SF-86...