I guess credit card data is not important to protect
It isn't, really.
All creditcard companies take full risk and let you contest any charge for free*. Both reconfirmed this to me, Amex even discouraged me to replace my card with them because they have monitored zero abuse or strange behaviour so far (CCV numbers were NOT on file IIRC) and do not see the need for immediate action.
This won't cost me a dime and even in the case of fraud minimal time to sort out and from experience I know any necessary replacement card will arrive within five business days. The biggest risk here is for merchants who deliver services or ship physical goods to non-billing addresses as they might actually lose labour or assets.
Also, weak-password end-users are blameless here. My relatively weak 6-digit numerical password was apparently good to never have abused me in any way I've ever been able to notice. Fact remains, not our passwords were compromised, it was a system with 77 million PSN accounts. I do use much stronger passwords for other services, but in reality a weak password is an overrated risk. Common breaches are exploits and "Facebook rapes". Also, barely anyone cares about your personal passwords. Corporate ones are valuable. Consumer ones, not so much (again *).
* At least here in the Netherlands. YMMV, I'm aware that consumer protection might be worse than ours in other parts of the world.