Re: So :
Your NI number isn't privileged and nothing should hang off it (unless people are being absolutely incompetent).
Your name and address are a matter of public record, easily discovered for any given individual - you give that to Amazon or everyone that you ever receive a letter from, for example.
Pension scheme - yeah, maybe some slight phishing possibility there but nothing really major.
Salary? Nope. Horrible personal data to have leaked but not a security issue of accessing anything (nobody genuine is going to ask you to enter your salary to gain access to a website, for example).
Same for equal opportunities data.
Any place that lets the above information take over an account without checking is utterly incompetent, and probably failing their own GDPR to be honest.
What I don't see in that list are passwords, account numbers, security questions, etc. that would actually be required to directly do any harm.
It's actually quite a low-level compromise, with the exception of the salaries.
P.S. your employer knows all the above, anyone who works in the accounts or payroll department, anyone who works in the HR department, as do all of your previous employers up to a given point in time.