Depends on the breach. With an email address, they can determine that you are the same John Smith who was in another data breach, so now they know you have accounts on both sites X and Y. If one of those sites was, say, a dating or cheating web site, they may try to extort you. Failure to pay the random might result in your “secret” being leaked on the other site.

If they can trace down your contacts, they can try to pretend to be you claiming to be in trouble, plz send money. You might have heard of this scheme. Very easy to do if you can get into someone’s email account and see their messages, but any service breached that can help identify you and your friends/family could be sufficient as well.

Otherwise they could just try to be intimidating in general, hoping for a reaction. I get spam pretty much weekly telling me I’ve been recorded on my own PC by my own webcam doing dirty things and I need to pay their ransom. Some people are just gullible, and even a 1 in a million success is still a financial win.

With how many breaches have happened and how many millions (billions?) of accounts leaked, the risk to any one specific person is fairly low unless you’re being targeted. I agree, you’re *probably* fine, but think of what collateral damage could happen.