Not sure how many of those companies use the customer's e-mail address for the login. If so, I would certainly demand the login e-mail address be changed to something else.
I also wouldn't be posting on a public forum which companies had my e-mail address (especially if it was the login).
I think they are being misleading though. ... If the database was breached, surely this data was visible also.
I am also skeptical, but that is not necessarily the case. All the data may not be in the same table or even the same database (or even on the same server). And even if it is, there may be granular security settings that really did limit the breach to name & email. (e.g., different security is needed for the different information, but only the security for the basic information was compromised.)