I initially thought that too, but on second thoughts:
1) In order to clone someone's card, you need to read data from the real card.
2) In order to use a cloned card to get someone's contact info from the back-end database, you need access to the database.
If you can carry out both of those steps, chances are you could just have got their details from the database anyway by swiping the card, without any breach of the card's security, since that's what the system was designed to do.
There may be some attack which becomes possible by splitting the usual process into two distinct steps as above, or there may not. There are also some nuisance and alibi-style attacks, where you use a clone of someone's card to sign them up for stuff when they're not actually present. If the card were used for entry to the event as well, then of course you could use a clone of someone's card to get in free (and possibly stop them getting in).
But I'm not sure that the cloning weakness actually allows access to any personal data that isn't already accessible simply by swiping the card. Maybe the Black Hat organisers will comment.