Perhaps it's kind of like KYC.

For example, I received a letter from a former mortgage provider telling me that some of my sensitive data "may" have been stolen. God knows that kind of shit I'll have to deal with in the future because of that. The solution is quite simple: stop collecting all of that sensitive data; Data which doesn't exist can't be stolen. But will such a solution be implemented? In our current world, of course not.