Cyber-criminals are always seeking protected information, regardless of its overall financial amount, because value is always present, in one form or another. Even if your bank account is low, you’ll have a credit card they can charge to. If you have no credit card, they can steal your personal identity. It really doesn't matter what the data is or what it represents, it is just as exposed as any other data if not protected correctly.
Here are the ways in which your stolen data can be utilized by a cyber-criminal:
Monetized – This method is simply selling the stolen information. This is the easiest form of spreading stolen data, because the cyber-thief can quickly push your information out to somebody else and not have to deal with it after that. It’s a quick turnaround. Online identities and login credentials have been sold over the dark web for some time.
Ransom – Holding your data hostage in return of something else. This data extortion typically results in encryption of your files so you are no longer able to access them. Although sometimes it can just be a threat of revealing information publicly, like personal photos. This is usually effective with individuals who have a public presence and image they want to maintain.
Espionage – Mostly behind the scenes, this takes advantage of the possessed credentials to track specific people’s activity, network and conversations. The information gathered can be sold for research purposes or to do other, more malicious activity.
Profit – This method just literally uses the stolen credentials to directly purchase goods or services. Much of the time on e-commerce sites and online services. The profiteering can go on for as long as it takes either you or your bank to notice.
Identity Theft – Not necessarily for profit, this type of theft is used to recreate your identity so the criminal can pose as somebody they are not. It has a wide-variety of uses not limited to only financial gain.
Malvertising and Propaganda – This type of data usage launches malicious advertising campaigns that can spread malware or viruses to other computers that click on those ads. Hackers can launch these campaigns either to make a profit or spread more malware and viruses. In this way, they can use small amounts as to avoid immediate detection from the actual user.
The point is that there is always a way to use your stolen data. Although you may not be a high target, hacking is typically unbiased and not specifically targeted. Stolen information can always be valuable somewhere to someone.