It appears your organization left an elasticsearch database exposed to the internet. This happens frequently due to poor configuration.
You're either going to have logs pointing to an IP that the individual used to siphon your data, or nothing.
With an exposed elasticsearch database, you possibly had the data being siphoned by many parties, and are only aware now because of this particular incident.
If you have any operations regarding customers in Europe, you need to notify your relevant Data Protection Authority
The person you are responding to is suggesting a scenario like the movie 'contagion' where people marked clean are given a wristband or pass of some kind.
In reality testing can be used as an effective tool regardless of whether or not people can be 'certified'
I think the math problem could help, but you also need to ask yourself if you're just going to keep bypassing it anyway.. in which case software is unlikely to help much.
For you I would recommend the book: The Willpower Instinct by Kelly McGonigal. (audiobook is also well narrated)
It's well written and full of great methods for gaining your self control back.
My browser is setup to record no history or cookies.
It can be annoying to always have to dismiss the same popups you've dismissed before, but I've never had any issues with online payments or unnecessary captchas, including using stripe.
Not every company has the need to staff all of these specialists.