Those who are affected will at least receive some kind of compensation, which is not a consolation because their data has become public - but something similar happened to Ledger users 5 years ago and that company did not pay anything to anyone, but they tried to present the whole thing as irrelevant. This just shows the way companies treat their customers when it comes to the US versus the EU.
Here, at best, the company would get a fine.
One good thing from this is that the need for privacy and the shortcomings of KYC are starting to be talked about more aggressively.
Too many people simply don't care. I like to think they can't leak what they don't have, which is a very good reason to keep your private data private.
To quote myself:
Most people don't care about privacy, and they'll tell you they have nothing to hide. That's not true, but life is a lot easier if you don't care about privacy (until it's too late).