said by dave:
Depends how they stole it, I supposed. If they got the database files, sure - encryption would protect it. But if they cracked someone's account and then executed a "legitimate" database listing program, it might obligingly list the plaintext data.
Judging by the timeline of illegal access to discovery (less than 1 day) the hacker wouldn't have had time to have converted up to a million records to plain text but instead just moved a plain text database offsite.