When thinking about these types of cases, always keep Parallel Construction in mind: https://en.m.wikipedia.org/wiki/Parallel_construction

There’s a reasonable chance that they already had this info (possibly even cleartext email via an ISP lawful intercept), and the proton/apple jig whilst bad, wasn’t as bad as the real source