The setup for these breaches is entirely due to companies being able to require your SSN for whatever purpose, and indefinitely store it basically however they'd like. Either the government should have never assigned a mandatory unique identifier to every individual, or there should have been strict laws about what purposes it could be requested/used for, how it could be stored, and steep statutory liability for screwing those up.
But the political attitude in the US is to have the government do the bare minimum and private companies will take up the charge. However for many subjects the resulting mix is the worst of both worlds - given the tiniest hook into governmental power, the private sector eagerly implements totalitarian solutions for which there is no opting out.
Presently, the naive legal mandates of SSN's, driver's license numbers, and license plates are being heavily abused to enable pervasive corporate surveillance. These existing identifiers already make too good of keys for cross-linking every other ill-gotten datum on a person. The main thing that keeps every single business from demanding these identifiers is people's ambiguous worry of just handing them out, due to their technical shortcomings. Imagine going to a grocery store and having to present your national electronic ID to get the sale prices, with no alternative.