To me it seems most likely that this is data collected during the KYC process during onboarding, meaning company documents, director passport or ID card scans, those kind of things. So the risk here for at least a few more years until all identity documents have expired is identity theft possibilities (e.g. fraudsters registering their company with another PSP using the stolen documents and then processing fraudulent payments until they get shut down, or signing up for bank accounts using their info and tax id).
Essentially nobody checks the validity of document numbers, there’s rarely any automated mechanism to do this. You could just photoshop the expiry dates on the documents and use them for years and years, even if document designs changed you could just transplant the info from the old document into a new template.
So no, documents expiring does mostly nothing to alleviate identity theft risks in most of the world.
And anyway, targeted phishing attacks are of much much higher severity than identity theft. From this data you can probably gather everything you’d need to perform rather high quality phishing attacks against the bank accounts of checkout.com clients, easily causing tens or hundreds of millions of losses that would never be recovered.