What occurs when an attacker steals data and demands compensation for its return?

The correct response to the scenario described is that it is classified as information extortion. This term specifically refers to situations where an attacker steals sensitive data and then demands a ransom or other form of compensation to restore access to that data. The key characteristic of information extortion is the coercive nature of the attack, where the victim is pressured into paying to avoid further harm or loss.

Additionally, this situation reflects a clear motive on the part of the attacker: to gain financially through the manipulation of stolen information. It highlights the criminal strategy of leveraging sensitive data to exploit individuals or organizations.

While the term "data theft" might seem applicable, it does not encompass the aspect of demanding something in return for the stolen data. Ransomware is often associated with encrypting a victim's data and requiring payment for decryption, which does share similarities with information extortion, yet it specifically relates to malware that actively locks users out of their systems. Phishing, on the other hand, involves tricking individuals into providing personal information but does not typically involve the subsequent extortion of stolen data. Thus, information extortion aligns perfectly with the act described in the question.