I’ve come to the conclusion that all these breach notices and the free stuff they offer for X months is a huge scam to get you sign up up for something. Either that, or every company has woefully underpaid/incompetent IT people. I’m waiting for the next news story to break on another company that somehow got passwords or identity info hacked that was stored in plain text…something I learned how to not do back in the 90s with basic HTML and PHP.
In short - I don’t believe them. They all are using the same form letters, it’s a scheme that they’re all in on.
Usenet. Go back to the base level.