what i noticed from you and a couple other similar stories in this thread is that a same email is used at multiple places. Have you looked into email aliases like simplelogin, anonaddy, or anything of that sort?
or at the very least, the basic [email protected]? this let's you know at least which thing was compromised.
of course, I don't recommend doing the same for important services like you banking accounts, but for the vast majority, having an alias would be enough.
and compartmentalisation always helps (different emails/accounts for personal, govt, and work domains).
https://www.trai.gov.in/advice-to-senders