Apparently some company I do business with shared my data with another corp without me knowing,
WTF?
then that corp who I did not know had my data was breached.
WTF?
Then the breached corp who could not competently secure the data in the first place offers victims gratis credit monitoring services (read: offers to let yet another dodgy corp also have people’s sensitive info thus creating yet another breach point). Then the service they hired as a “benefit” to victims outsources to another corp and breach point: Cloudflare.
WTF?
So to be clear, the biggest privacy abuser on the web is being used to MitM a sensitive channel between a breach victim and a credit monitoring service who uses a configuration that blocks tor (thus neglecting data minimization and forcing data breach victims to reveal even more sensitive info to two more corporate actors, one of whom has proven to be untrustworthy with private info).
I am now waiting for someone to say “smile for the camera, you’ve been punk’d!”.
(update)
Then the lawyers representing data breach victims want you to give them your e-mail address so they can put Microsoft Outlook in the loop. WTF? The shit show of incompetence has no limit.
That sounds like the average megacorp terms of service these days.
Yes, just because everyone’s doing it doesn’t mean they can’t be better. They should be better, but worldwide government regulations don’t force that (yet).
But at some point to interact with any kind of large company, your information is going to end up crossing the path of a large company, especially one of the hyperscale cloud and connectivity providers like Microsoft, Akami, Cloudflare, Google, Amazon, etc.
Whether businesses get copies of information is usually included in a site’s privacy policy, and if you’re curious about that list (and it’s not publicly documented), I’d hope there’s a contact to get more info about the policy (like a privacy@ email address)
If you really want to limit your information exposure, you either have to audit everyone you do business with this way (because most large companies do this) or hire someone (or a service) to do it.
You could also consider not interacting with large companies at all - but you’d limit yourself from part of the modern world. If that’s your game, by all means by my guest.