The expectation that breach fatigue is something new, however, shouldn't be. One of the most sound things said over the last few weeks came from a sage veteran law-enforcement officer who now only consults for banks...and we've heard this before; the working assumption should be that all cards may already or at any time be breached, at risk and carry the potential for fraud.
Using this as a baseline assumption, and then utilizing another industry standard of layered security/controls, issuers should be able to assume the posture to manage this situation effectively. The position is this: that the financial services industry can set controls that are tied to this specific breach, as well as controls that are tied to the one that came before it and finally create controls that will protect us from the next one. Deploying a risk-based, compromise-centric and layered framework is one way to prevent data breaches from stunning us in the future.
Coupling that with a proactive customer communication management plan is paramount and elevates that framework. This combined path best positions the institution in support of its customers and against the fraudsters who are trying to exploit the system. Breaches are now quite common, but the response to them is what makes an institution uncommon in the environment.