Not really 'cyber-crooks'.
Looks like someone saw the password on a post-it note and couldn't resist having a peep.
No access to payment data, just lots of less wealthy people moving their own stuff from A to B. Experian will make more than those leet haxors did out of it.
You can understand hackers targeting politicians, celebrities, the military and banks, but simply doing a server because you can, should the company tell you to go fork yourselves rather than pay a ransom, will yield little or no reward.
And we've had the net for long enough for only the lowest hanging fruit to use the same password more than once. So even trawling through the data won't get them much. There was more personal data in the phone books we used to get free from telcos.