Even ignoring the credit card info (which was apparently limited to a small old non-US database) the names, addresses, and email addresses for all those people are worth a lot. They can sell that info to anyone who wants to do some spear-phishing (I've already seen such attempts in my spam) to try to get your password or install some malware that can get your credit card #s.
A database of millions of real names and addresses is a huge haul for spammers/phishers and whoever pulled off the hack.
__________________
|