The difference between losing all of your customers and keeping some of them...
How to keep some of them: "We're not required to encrypt bank details, however this attack shows that encryption is important and we clearly should be. As such we have implemented a plan to encrypt all user data within the next month to prevent such an attack from happening. We truly apologise for any inconvenience or concern caused by this data breach, but rest assured your data will be safer with us than most other companies in the future."
The TalkTalk school on how to lose all of them: "We didn't need to do it. We still don't. Tough shit."