What data are we talking about?
Be interesting to know exactly what the fraudsters got hold of, and what they tried to do with it...
There wouldn't have been PINs presumably (although these are sometimes used for US debit cards), so no cashing out at ATMs. Supposedly no cardholder names (so presumably no addresses either), so I'm guessing we're just talking about images of Track 2 data from cards. So probably just a matter of making counterfeit (mag stripe) cards and buying stuff. But this won't work for transactions that were originally chip.
I doubt you can do much fraud these days with just an account number and an expiry date... Well, except maybe by creating an account on Amazon and then buying whatever you want!