Maybe not but I bet that this many unique credit card emails eventually tripped over some threshold in a risk model. It’s too hard to adjust the model for one person, and putting in an exception for this one person means they take on additional risk if that person then goes on to actually do bad things.

To be clear I’m not saying it’s ok. Google should make it right and then invest in a scalable way to not keep doing this.