Considering the growth in the last few years for online shopping and "loyalty" memberships I'm sure the jerks behind these attacks are gathering lots of information on the customers affected. Scary shit.
Oh, they stole that long ago. All that is happening now is all their systems are encrypted, until they pay $10m in Ethers. And they will have to, because the bean counters wouldn't pay for the licenses for the software needed to back anything up.