Yikes!
Ok, here is the bad news. This type of breach is more significant than most online hacks of just credit card numbers or SSNs. How it didn't make headlines is beyond me.
The worse news: Most hackers understand that people get one year of credit monitoring and will let some data like this "cook" for 13 months after a breach notification, at which point the "free" credit monitoring goes away.
The good news: Placing a freeze on your credit reports if you've received one of these letters is really easy and free. The credit report is also the only way of actually significantly decreasing fraud in your name. The only pain point is that you'll have to keep a protocol sheet handy for when you apply for credit lines to call the reporting agency that the credit company you are applying to uses and temporarily unlock your data.
Here is an article from a security researcher that goes into a significant level of detail on why you should really just bit the bullet and get that freeze done:
http://krebsonsecurity.com/2015/06/h...curity-freeze/
Here is another whitepaper (a useful one, not a sales whitepaper) on the same subject (more of the same data, but just in case you wanted a different source:
http://uspirg.org/sites/pirg/files/r...RGFREEZE_0.pdf
And finally, here is the FTC on the same subject:
https://www.consumer.ftc.gov/article...it-freeze-faqs
In summation, take the time to get your credit freeze now and save yourself headache later.
Someone posted a copy of the letter they received online: