I don’t get your point. This isn’t an attack, this is a cheap consumer company doing what they do best and stealing your personal information because $ and other crap. If this happened in enterprise they’d be in so much shit with laws. Cisco, juniper, Aruba, etc are not going to be shipping off your passwords because that liability is going to be a big problem.
Enterprise level stuff also charge top dollar and don’t need to sell your data to make more money.
If enterprise level stuff we’re doing this intentionally they’d be out of business. This would not fly with SOC and other security designations.
Additionally just because a consumer uses enterprise gear, that does not make them a larger target. I’m not Microsoft. No state attacker is going to want my worthless data.