For better opsec, always assume that whatever service you're using will be breached someday.
Especially with crypto-related services, I always use a separate email for these as I know it will be a total nightmare if one of the emails I've used on crypto services gets leaked. I won't be surprised if the old email I've used on Ledger is still heavily being spammed right now.
That's a good approach. I also suggest everyone to always use a different password on their email and any other account that they'll register via this email. If you use the same password and your account gets hacked, then hackers will try to use that password to log in to your email and if someone gets access to your email, you'll be in trouble.
Btw if you save your password in Google Chrome, Chrome will tell you if your password has already leaked. I don't think it's a good idea to save passwords in Google or even to use the Chrome browser.
They are not even affected yet, until they fall for the phishing mail that the attacker is going to send. Those whom their data has been exposed should expect anything, so they should be careful of links they click, as scammers would be trying out ways for them to give out their seed phrase.
The attacker would probably not attack now that there is awareness on this issue, they don't mind waiting for a very long time, when many persons have forgotten about the incident, then they start sending out phishing mails, looking for victims to steal from.
I think that you should always be careful with your email, even if it's fresh and no one has hacked because there are many people who scan email addresses and send many kind of phishing links. One of my emails is full of phishing links but I have never clicked on any of them, I always look at the URL before I click, I also always check the sender. Email spoofing is very easy and no joke.