kevingadd 2 days ago
It's common for stray passwords or authentication tokens to be found in data dumps of, e.g., someone's email, Dropbox, or whatnot. So getting read-only access to all the data in a given agency means you probably have access to a trove of stray passwords and authentication tokens that can be used to pivot into write access there or somewhere else. As a concrete example, if you have read-only access to someone's email inbox, that's enough to steal most of their accounts on other services, since you can request a password reset link and then click on it.