Data Breach Extortion Scams via Email
How scammers send threatening emails claiming to have obtained your personal data from a breach and demanding payment to prevent its publication or misuse.
Part of: Data Breach Extortion Scams
Last reviewed: 8 June 2026
Data breach extortion emails exploit the widespread reality of data breaches to create credible threats. An email arrives claiming the sender has obtained your personal data — login credentials, financial records, private communications, or compromising material — as a result of a hack, and threatens to publish or misuse it unless payment is made, typically in cryptocurrency.
The emails are designed to panic recipients into paying before they think critically. Some include genuinely leaked information — an old password, a phone number, the last four digits of a card — to establish apparent credibility. In most cases, the specific threat (a compromising recording, access to financial accounts) is entirely fabricated.
How this scam works on email
The email often opens by displaying a real password or phone number associated with the recipient, sourced from a purchased breach database. It then claims the sender used this access to install spyware, record compromising video through the webcam, or access private files. Payment of a specified sum in Bitcoin or another cryptocurrency is demanded within 24-72 hours.
The demand is carefully calibrated to feel more affordable than the claimed consequence of non-payment. Most recipients have never been individually hacked; the attacker is operating a mass campaign using breach data to personalize automated emails at scale.
Common red flags
- Email includes a real old password you have used, presented as proof of access
- Threat involves webcam recording or device access that the sender claims to have installed
- Payment is demanded in cryptocurrency with a tight deadline
- Email instructs you not to contact police, which is itself a manipulation tactic
- The supposed evidence of wrongdoing is vague and unverifiable
How to protect yourself
- Do not pay — payment does not guarantee silence and marks you as a willing payer for future demands
- Change the password mentioned in the email immediately, and any other accounts where it is reused
- Cover your webcam with a physical cover for peace of mind, though the recording is almost certainly fabricated
- Check your email address on haveibeenpwned.com to identify which breach the data came from
- Report the email to your national cybercrime authority
How to report it
- Report to the FBI at ic3.gov (US) or Action Fraud (UK) at actionfraud.police.uk
- Forward the email to [email protected] (UK) or [email protected]
- Report to the FTC at reportfraud.ftc.gov if you paid
Frequently asked questions
Should I pay the extortion demand?
No. Security experts and law enforcement agencies universally advise against paying. Payment confirms you are responsive and may generate further demands. In virtually all cases, the threatened material does not exist.