Hi, sure that does protect you from a great deal, but that doesn't protect you as much as you think.
If you've used the same password elsewhere, and that website is compromised, then potentially you're in trouble.
Years ago I used a free webhosting site for instance, that was compromised. All that happened to me in that particular instance was that I got a whole heap of spam to the email address used to sign up to that service, because I was using unique usernames on each website and long before stopped using the password that I used with that particular service.
If I'd been using the same username and password everywhere, they'd have had access to everything, most critical of all, my email account, and they'd have been able to wreck havoc on my life.
Similarly if it had been a service where I gave my accurate personal information, my name, my address, my phone number, a miscreant could have used social engineering tactics to gain access to accounts and services offline.
It's impossible to be completely safe, but it's vital to make oneself as safe as possible and part of that is using different usernames and using different passwords and making sure that the latter especially is long and is changed regularly.
I'm sure you've seen people reporting losing control of their accounts here after and unauthorized SIM swap, (if you look further out there have been people who have fallen victim to this and lost money from their bank accounts too, and not all of them did online banking), that happened to them because they used the same password on multiple sites.
It happens and people must do more.
giffgaff too have a responsibility to promote healthy online practices, especially given they encourage users to post a hell of a lot of personally identifiable information, (such as ones age - if you've posted about your birthday anywhere, I've got your date of birth and one piece of typical security information often used for verification offline).
Just imagine what I could do to your life if I gained access to your giffgaff account because a service you use was compromised and you had the same password.
I would have your name, your address, your mobile phone number, (which I could take control of), your bank card last 4 digits, (possibly the expiry date too), your date of birth...
I could do a lot of damage to your life with just that information. I won't, I have a conscience and I'm lazy, plus I don't wanna go to jail, but for a miscreant it's like handing them the crown jewels.
I'm not saying this to panic you, just to impress how important it is to use very strong and unique usernames and especially passwords online, (and also, as a side note, to be mindful of what people post in the open).
Complacency if your worst enemy with regards to things like this.