It really isn't as simple as that.

You are leaking email addresses that likely otherwise wouldn't be out there publicly. Whilst email addresses and names are "effectively" public, they aren't just in a one big database anyone on the planet can access.

Every single one of those email addresses will receive increased spam and phishing attempts, with more isolated information (such as School, First+Last Name, Subjects, Teachers/Lecturers, etc) the phishing attempts can be more refined.

i.e, Student receives an email that looks like its from their school (has email footer, has student name, has relevant teacher name, subject name, etc), the user is now more likely to click some sketchy link.

These little identifiers add up, especially when cross-references with other leaks. Even more problematic when most of the users wrapped up in a leak like this are under 18 too.

A lot of this stuff could be done previously, although the effort and scale to do so would of been higher/harder.