Well, to be fair, what isn't collected, can't be stolen.
Whenever you collect data, you are creating a target.
Honestly what REALLY creates the problem is not when companies collect the data... it's when they sell it to other businesses to monetize the data. ALL freaking companies do this that I am aware of. It's just the degree with which they do it. Those portals make the data accessible by simply overcoming an API layer.
Any companies that specifically DO NOT monetize your data or let business partners access it (same thing), don't have the same level of exposure.
You want to impress me... be a company that publicly states we do NOT share your data with business partners NOR do we monetize your data for external use outside of this organization.
Even that statement leaves loopholes.