In the private sector, banking particularly, the degree of security is usually proportional to the value of the data to an outside party and the cost to the owner. When I worked in Abu Dhabi we assumed that the mos likely criminal to break our systems would try to steal a single, average sized, transaction. That's 200 million dollars. For that we assume that at least 10 conspirators would consider theft worthwhile, and plan security accordingly.
In this case the potential value to a thief is 25 million * the average product of an identity scam. Probably more than a quid a person, so perhaps 200 million pounds. The cost to the loser is not the same as the benefit to the thief in this case. A junior guy has resigned, and Gordon is getting some stick. Perhaps there will be a cabinet resignation, who knows? It depends on how deep the poo pile gets. However, if anyone does lose their cabinet post they will still be an MP and probably get shifted back in the next reshuffle. So the cost to the losers is peanuts. This probably explains why the crown jewels were mailed to "The Occupant". No-one expects to be punished for this, so no-one cares.