I've gotten a couple of letters ("snail mail" letters) recently claiming that some of my personal and/or medical information
might have been compromised due to a data breach
*which is never reported in the news. 'Conveniently', I am also being offered some type of data protection and/or credit monitoring from some third party ... free
*for a trial period, of course. After which, a non-trivial fee will be charged I'm sure.
Thing is, I don't recognize any of the names of the companies involved in the "data breach". Now, I know my data is being shared with probably hundreds of companies of which I have never heard. And these letters do appear very convincing - with phone numbers and addresses of various government agencies and credit reporting services and advice to put a "fraud alert" on one's credit report.
But I smell a rat. The return address is for the same company offering the "free" protection. 
Seems like trying to frighten people into buying your product ought to be illegal.