this is true only if the attack is not performed while they are handling your id or someone other id, otherwise you might be in trouble, id can be validated offline like bitcoin transaction
Not sure if Bitstamp verifies internally or uses a third party though, so your data is always at "some" risk....