Comment by LorenPechtel

Such data is typically encrypted and purely write-only, only read by the system itself. Thus it is only exposed if the database itself is exposed. If the leak was compromise of the systems that access the data (which appears to be the case here--insiders copied data they could access) the write-only info is not exposed.