Buying in official shops with cash might not be possible in the area where a customer lives. And it doesn't fix the problem when you register for a newsletter later.

Everyone should use a unique and unrelated email address from your usual identity for such newsletters or services. This might mitigate a little such data breaches.

So far, I went the route to create my own signing device, mainly because I'm not too happy with what commercial hardware wallets offer or cost and I don't feel the urge to need a commercial device yet.