One thing I do, which no clue how helpful it really is, is use a custom domain for my emails with support for catch-all addresses. When I sign up for a new site, I typically put my email as something like "<site-name>@<my-domain>.com".

If my data were exposed, I guess someone who realized that could try any variation of the site's name to figure out the exact one in my address, but you could always do something more unique than that. Even something like generate a BitWarden password and use it as the user for the domain.

It's less a protection schema and more a canary schema. I use plus-addressing for basically every online account that I create that does not need to be professional in nature. The benefit is that if I start receiving emails from Foo.com sent to myemail+bar@example.com, I know that my bar.com account got compromised and I can do something about it to limit my exposure.

I've found that a lot of websites don't like "+" or even intentionally detect it to reject it or subvert the user's interest.

I think a good system would be a randomly generated handle like nick836742@example.com where my real email probably isn't nick@example.com, but the number is different for each service.

I also use random email aliases for my domain. The random username is because I don't want people to be able to search my username for a service and link me to other accounts online.