Assuming you successfully hack someone, eventually you need to do one of 3 things before the company figures it out and closes the hole, use the data, sell the data, or contact the company and try and either extort them or collect a bug bounty. For the folks skillful enough to hack a company of that size, just having the data sitting on their hard drive does nothing.