No one is safe from data breaches, and at times it won't even be the company you've directly interacted and purchased from but their partners, like what recently happened to Framework. Framework are the company that make the modular Framework laptop, which is really cool!
From what I can tell, Framework have not announced this in public but sent it in an email to affected customers which one decided to copy and paste on to the Framework Forum in a post.
The email notes how their accounting partner, Keating Consulting, had a staff member fall victim to a "phishing email that utilized social engineering tactics to obtain customer PII (Personal Identifiable Information) associated with outstanding balances for Framework purchases" and anyone getting the email was affected by it. For those hit their full name, email address and balance owed would have been gained by the attackers.
Framework said about the list that it was "primarily of a subset of open pre-orders, but some completed past orders with pending accounting syncs were also included in this list".
One thing that has confused multiple people, is that even people who don't have an outstanding balance were emailed, which was cleared up in a later post by a moderator forwarding information from the Framework team. There may not be a customer-facing balance, but their system may have a slight difference due to changes in taxes since an order.
It's just another reminder to be seriously careful on clicking links to ensure they really go to where they say, especially in emails, and not entering any information into a form you're not 100% sure on. It can happen to anyone. Always check the full URL.