
It's not about making the attacker think the data is valid. It's about not letting him know whether the data is valid or not.


If the attacker doesn't know, then no one will know, so when the dump gets uploaded to Pastebin with the title "10,000 records from <your service>" and that gets reported in The Register, everyone will believe it's a real breach. You would then be in the position where you have to persuade the public it isn't. That would be very difficult, because no one would know whether the data is valid or not.

If that's the strategy you want to use, that's up to you, but I think it's immensely risky and provides no practical benefit.
