Encrypted credit card data is not as safe as most might think. It's data so valuable for crackers, spending big sums on computational power to break the encryption might be worth it - if the crackers even need to do it, though; if they made off with many million people worth of personal information, what guarantee we have that they didn't made off with the executables that decrypt said credit card data, and are as of now happily reverse engineering it?

And the personal information itself is quite valuable. It should be enough to allow whoever took the data to unwillingly register users to a whole lot of services, create legitimate-looking mail accounts to use for spam (spam that will be credited to the hapless PSN user whose data was used), etc; imagine you trying to sign up for a Battle.net account and having trouble because your data was sold to a gold farmer who used it to make a few WoW botting accounts. Worse yet, imagine if the information stolen, complemented by a couple Google searches, is enough to apply for a loan.