PrivacyOn
SecurityJune 8, 202610 min read

What to Do If Hackers Threaten to Release Your Data

SC

By Sarah Chen

Head of Privacy Research

What to Do If Hackers Threaten to Release Your Data

Data extortion — where hackers steal your personal information and threaten to release it publicly unless you pay a ransom — has become one of the fastest-growing cybercrime tactics in 2026. Unlike traditional ransomware that locks your files, data extortion threatens to expose your private information to the world. Whether the threat comes directly to you or through a company that had your data, here is what to do.

Understanding Data Extortion in 2026

Data extortion takes several forms:

  • Corporate extortion: Hackers breach a company, steal customer data, and threaten to publish it unless the company pays. If the company refuses (as happened with DentaQuest, McGraw Hill, and others in 2026), your data may be leaked regardless of anything you do.
  • Individual extortion: Hackers contact you directly, claiming to have your passwords, photos, financial records, or other sensitive data. They demand payment — often in cryptocurrency — to keep the information private.
  • Sextortion: A specific form targeting individuals with threats to release intimate photos or videos, sometimes using AI-generated fakes.
  • Credential-based threats: Hackers who obtain your passwords from breaches threaten to access your accounts or impersonate you unless you pay.

The ShinyHunters group alone has been responsible for breaches at dozens of major companies in 2026, using a model of stealing data first and demanding payment second. When companies refuse to pay, the data is published — putting millions of consumers at risk.

What to Do If You Receive a Direct Extortion Threat

1. Do Not Pay the Ransom

This is the most important advice: do not pay. Paying does not guarantee that the hackers will delete your data or stop their demands. In many cases, paying marks you as a willing victim, leading to repeated extortion attempts. The FBI and cybersecurity experts universally advise against paying data extortion demands.

Paying Does Not Protect You

In multiple high-profile 2026 incidents, organizations that paid ransoms still had their data leaked or sold. Once data is stolen, the attacker has already copied it. Payment is not a delete button — it is a reward for criminal behavior with no binding agreement.

2. Do Not Engage With the Attacker

Do not respond to the threat, negotiate, or communicate with the attacker in any way. Any engagement gives them more information about you and confirms that the threat reached a real person. Silence is your best initial response.

3. Preserve All Evidence

Before you do anything else, document everything:

  • Take screenshots of the threatening messages (emails, texts, social media messages)
  • Save any email headers (they contain routing information useful for investigations)
  • Note the exact date and time you received the threat
  • Do not delete any communications — they are evidence

4. Report to Law Enforcement

File reports with:

  • FBI's Internet Crime Complaint Center (IC3): File a report at ic3.gov. The FBI tracks extortion campaigns and your report contributes to larger investigations
  • Local law enforcement: File a police report with your local police department. You may need this for insurance claims or legal proceedings
  • FTC: Report the incident at ReportFraud.ftc.gov

5. Assess What Data May Be Compromised

Try to determine what information the attacker may actually have:

  • Did they share a sample of your data as proof? Examine it carefully — sometimes extortionists bluff using publicly available information
  • Has a company you do business with recently been breached? Check breach notification sites like haveibeenpwned.com
  • Are the passwords they claim to have ones you actually use? If so, change them immediately

What to Do If a Company You Use Was Breached

If the extortion is not directed at you personally but at a company that held your data, your approach is different:

1. Verify the Breach

Check whether the company has officially confirmed the breach. Look for press releases, breach notification letters, and entries on Have I Been Pwned. Do not trust claims made solely by the hacking group — they sometimes exaggerate.

2. Take Protective Action Immediately

Do not wait for the company to tell you what to do:

  • Change passwords on the breached service and any account using the same credentials
  • Enable two-factor authentication on all important accounts
  • Freeze your credit at Equifax, Experian, and TransUnion if personal identifying information was exposed
  • Place fraud alerts on your accounts
  • Monitor financial statements for unauthorized transactions

3. Enroll in Offered Monitoring

Breached companies often offer free credit monitoring or identity theft protection. Enroll in these services — they provide an additional layer of detection even if you already have your own monitoring in place.

Long-Term Protection Strategies

Minimize Your Digital Footprint

The less personal information available about you online, the less leverage attackers have. Steps include:

  • Remove your information from people search sites and data brokers
  • Use unique email addresses for different services
  • Limit the personal information you share on social media
  • Use a VPN to reduce tracking
  • Regularly audit your online accounts and delete ones you no longer use

Use Strong, Unique Passwords Everywhere

Credential-based extortion only works if the passwords the attacker has are still valid. Using a password manager with unique passwords for every account means a breach at one service does not compromise the rest of your digital life.

Monitor the Dark Web

Your data may be circulating on dark web forums and marketplaces long before you receive an extortion threat. Proactive monitoring can alert you to exposures early, giving you time to change passwords and secure accounts before criminals act.

Common Extortion Email Red Flags

Many extortion emails are mass-sent bluffs. Red flags include: using an old password you no longer use (harvested from past breaches), vague threats with no specific proof of what they have, demands for Bitcoin payment within a short deadline, and claims that they hacked your webcam. These are almost always scams using recycled breach data.

How PrivacyOn Helps Protect Against Data Extortion

PrivacyOn provides proactive protection that reduces your exposure to data extortion threats:

  • Data broker removal: We remove your personal information from 100+ people search and data broker sites, reducing the publicly available data that criminals can use to target or threaten you
  • Dark web monitoring: Our service scans dark web forums and marketplaces for your personal data, alerting you when your information appears in breach dumps or is offered for sale
  • 24/7 monitoring: Continuous scanning means you are alerted to new exposures quickly, before they can be weaponized
  • Family plans: Protect up to 5 household members, because extortion threats often leverage family members' data as well

Reduce Your Exposure With PrivacyOn

The less personal data available about you online, the harder it is for criminals to target you with extortion. PrivacyOn removes your data from 100+ broker sites and monitors the dark web continuously. Plans start at $8.33/month. Protect yourself today.

SC
Sarah Chen

Head of Privacy Research

CIPP/US CertifiedIAPP MemberB.S. Computer Science

CIPP/US-certified privacy researcher with over a decade of experience helping consumers remove their personal information from data brokers.

Related Articles

Security

How to Protect Your Privacy After a Data Breach

Security

What to Do If You Receive a Sextortion Email

Security

What to Do If You Receive a Data Breach Notification

Ready to Protect Your Privacy?

Let PrivacyOn automatically remove your personal information from data broker sites and keep it removed.