The problem is that the fraud may not end up on a Chase account -- names/addresses/phone numbers can be used to social engineer access to other things (in addition to being sold as a database of local addresses of "people qualified for credit" that may be more likely to have nice things in their homes).

I'm actually not very concerned with credit card numbers being stolen; those are indeed the ownership and responsibility of the credit card company, and dealing with fraud on them is straightforward. Names/addresses/social security numbers are much more concerning, especially if it can be combined with other information gotten/stolen elsewhere.

Stolen health care info still sounds like the biggest deal, especially because it's often managed by bureaucrats who seem to revel in making things harder for honest customers, like claiming that they can't release details of a thief's care because of HIPAA, but won't remove the charges (the law should be clarified that they can choose one response or the other -- if they believe it's another person, pull the records and charges, if they don't, release all data to the customer they claim is responsible for paying).