Thanks. I hadn't dug into that link, but I did based on your comment. It is a Congressional investigation that is rooted on a report from The Markup [1] that, as you note isn't about an accidental breach by Google, but one where multiple companies send extensive PII to Google about site visitors. While not necessarily a "breach", I think this lead of personal data plays to Signal article's point though. The Markup article's git repo with HAR files of what was sent to Google was convincing.[2]
[1]: https://themarkup.org/pixel-hunt/2022/11/22/tax-filing-websi... [2]: https://github.com/the-markup/meta-pixel-taxes