My spidey sense says that many of the data breaches of this nature are done by government intelligence agencies to obtain information without warrant or user permission. It allows them to deny all involvement and circumvent any regulations. many of the breaches seem like random targets, bu in a lot of cases (like DNA databases, identity of crypto users, etc) there seems to be strange motives.