It depends on the country. Where I live now even if I leak my name, date of birth, bank details, national id number, etc. you couldn't do much. We have a country wide 2FA system that all important businesses use (bank, utilities, health, government) to authenticate users.
I'm from the UK though, and previously was a 'victim' of identify theft where a few years ago someone walked into a phone store, and walked out with a new iPhone and contract in my name.
Is the country wide 2FA implemented by the country or a private company? While rare, what if a person does not have access to the 2FA mechanism, and what mechanisms are permitted to confirm an identity?
I'm from the UK though, and previously was a 'victim' of identify theft where a few years ago someone walked into a phone store, and walked out with a new iPhone and contract in my name.