There's no such thing as "an abundance of caution" AFTER a breach, hack, or exchange run.
For real, can companies get better PR people. Its gotta be the same "A list" MBA people thinking they sound empathetic when really they only give a shit because their neck is on the line. They dont care about their customers data.
Itz not all on them.
Why folks still give their real names, primary emails to corps is beyond me. They dont know you from Adam. So now your name is adam. Your email is a burner from simple login. Your phone number is a VOIP. Aaaaand now breaches dont hurt.