This site https://haveibeenpwned.com/ checks your email address against known data leaks.
Just checking some of my older email addresses and both firstname.lastname@example.org and email@example.com are the subjects of pwnage due to me using them to register on a number of sites in the past.
Once a data breach happens at the very least your email address will go into a Spammers database to be used for Unsolicited Commercial Email or Phishing schemes amongst other things. At the worst, they will use it to gain control of your email and even try to penetrate your online banking accounts. Basically anything that an unscrupulous web denizon can make money from.
I have heard of business mail accounts being hi-jacked and then export container shipment documentation being doctored so that the shipment payment is diverted to a third party. Ouch not a good way to lose several hundred K.
So if you don’t a want this to happen. It’s a good idea to use strong passwords, security questions that can’t be answered by a person doing a web search or information about you that is easy to get (i.e. Mothers maiden name, birthdate etc) and also these days two factor authentication.
Many companies are using the Google Authenticator app which you install on your phone and when you go to login to various websites the website will prompt for a 6 digit number generated by the Authenticator app.
To implement in a website you need to interact with the Google Authenticator API https://www.codementor.io/slavko/google-two-step-authentication-otp-generation-du1082vho
Just another line of defense in the never ending escalation of the web security cold war.