well, there are a few things you could do short of publicly dumping a ton of private information to achieve the same or similar goals:
-publicly announce that you've breached X amount of data, and provide hashes of the files and tell the breached entity to confirm the hashes are accurate otherwise you'll publicly dump;
-publicly prove you've accessed the files in a way that requires breach notification laws to be triggered -- so the company is forced to post embarrassing announcements but the actual risk to the underlying people in the dataset is reduced
what I don't understand is why you have to screw over all of the little people and individuals by just making everything public.
