One of the questions I get asked so often in data security-related incident is:
How did the threat actors get that information, or How was that breach possible?
These are valid questions. I don't expect you to understand what a cyber kill chain is.
But you should have control over data.
No one's privacy is not completely secured. Nobody can have %100 security.
But I advocate data monitoring and alerting. You have a chance to responding to an attack and providing a fix. Rather than being in the dark for 6 months.
You can check for FREE if your data has previously been identified in a breach? This is mostly not your fault as 3rd party breach exposes everyone that has used their product or services.