Well you could change the email address you use for the financial services only, and keep it secret. Then it would be harder to impersonate you.

Or, use a service that lets you generate an address for each business you deal with or use case you have so you can treat them as disposable. After chasing down spammers and companies selling my info, including my email, I found this was easier to keep up with and is more effective. Spam me once or sell it to another company, and I burn that address, replacing it with the original company if I really need them to keep in contact.

I tried to do that but found out there's almost no services that I would want to treat my account there disposable. If I bother to provide them my email address -- I usually also want to access my account there later (e.g check order status).

There are tens of services where I'd like it disposable, but hundreds of services where account is warranted. And some of those thousands will be compromised some day.

I'd distinguish between an address one can choose to dispose of in an organized way versus an account you don't want to lose access to.

I have my own domain, and pay a hosting company to manage the e-mail, which means it's easy to have ton of forwarding-only addresses for different purposes.

This means that I register with mybank123@domain, if that ever leaks I can log in with them and change my e-mail to a new forwarding-address of mybank456@domain. Then retire the older one.

You can do this with aliases. For example Firefox's relay (or you can do it with a website and cloudflare). They'll also give you a catchall domain so you can either have generated emails like "adafergtrees@mozmail.com" or "NameOfArbitraryBusiness@deepsun.mozmail.com". If you want to trash an email you can do that too.

Well, I could, and actually did. Like I said, I couldn't get that email address out of the report.