Comment by kevingadd

2 days ago

It's common for stray passwords or authentication tokens to be found in data dumps of, e.g., someone's email, Dropbox, or whatnot. So getting read-only access to all the data in a given agency means you probably have access to a trove of stray passwords and authentication tokens that can be used to pivot into write access there or somewhere else.

As a concrete example, if you have read-only access to someone's email inbox, that's enough to steal most of their accounts on other services, since you can request a password reset link and then click on it.