A former employee threatens to release sensitive data unless a payment is made. How should this be categorized?

The situation described involves an individual who is leveraging sensitive data for a monetary gain, indicating a clear act of using threats to compel the victim to act. This aligns with the definition of blackmail, which is the act of demanding payment or some form of coercion in return for not disclosing information. In this case, the former employee is threatening to release sensitive information unless a payment is made, which fits the criteria for blackmail.

While extortion could also seem relevant, as it involves obtaining something through coercion, blackmail specifically refers to the threat of revealing personal or sensitive information to achieve that goal. Thus, labeling the act as blackmail precisely characterizes the nature of the threat regarding the sensitive data involved.

Insider threat and sabotage could involve similar elements, such as negative actions taken by someone within an organization, but they do not encompass the transactional nature of threatening to release data for payment. Therefore, categorizing this situation as blackmail appropriately addresses the specific motivations and actions of the former employee in this scenario.