Re: nasty breaches ahoy
As the recent spate of "We know your password, pay us bitcoin or else" extortion scam emails demonstrate, the average internet extortionist does not actually need actual dirt to make a small profit. All such criminal vermin need is a vaguely plausible story to try to convince the marks that they are genuine.
So, picture this scheme a few months in. The Do-It-Yourselfer's Register now has a few hundred thousand people on it, most of whom are the dimmer sectors of society who don't know about VPNs. A story goes round about how this roster has been leaked, in part or toto. Given the reputation of UK civil servants for hamfisted incompetence and knuckle-dragging stupidity and subversion of sensible rules (encrypting data, and writing the password onto the encrypted disk), hardly anyone will believe assurances that this honeypot of data has not been leaked.
So off we go again with the extortion emails: "Greetings, $NAME, you do not know me but I know you, and I know that you have signed up to the one-handed-typists register. Pay me 25 magic beans (instructions on how to do so here) or I will tell everyone you know about your solitary exploits in front of the computer".
Now, I'll grant you that this is implausible on many levels, but extortion scammers play the averages. Send the message to enough people, and sooner or later you strike lucky.