Google Alerts picks up these websites and sends the links to users in email notifications, but the links go to pages with malware.
Companies subject to fake notifications include Chegg, Dropbox, Hulu, PayPal, Target and others that have previously suffered actual data breaches.