Yes, it's in the same boat, we (almost) all do it with Google.
I don't know where to draw a line, but I don't think a single data breach, even a minor one, should mean a death sentence to a business. Maybe some sort of audit/certification should be mandatory after a breach.
I think the idea is more about informing users than it is about trying to drum up a boycott that results in a "death sentence".
For example, with regard to search engines, what if I go on Google and it tells me "hey, Google has had 3 data breaches that have affected users like you". And then I go on DuckDuckGo and it says "DDG has never had a data breach". Not everyone will switch from Google to DDG, but some people will, and I don't think that's a bad thing.
We can't inform users how a particular breach affected a particular user (based on the fact of a breach alone). Anything else is just FUD. It's like saying life in California is dangerous because there were deadly hurricanes there in the past that took lives.
We can't completely control hacker attacks. We should treat them more like software bugs or service outages. It just happens; we should focus on minimizing potential damage and proper response.
> It's like saying life in California is dangerous because there were deadly hurricanes there in the past that took lives.
I'm not sure this is the analogy you are looking for. If you are concerned with how a hurricane might impact your livelihood, it's generally a much better idea to live in Colorado than on the coast of California.
Except unlike hurricanes, we absolutely can prevent hacks that leak a lot of user information.