Data Breaches 2016 to 2021

Encryption is only helpful if the hacker accesses the data at a level below the normal level of access. At the normal level of access, by definition, the data has to be accessible in plain text; otherwise there would typically be no point in having it.

For example, the Westpac attack (being discussed here: "Real-time payments are on the way - #8 by syrup", but maybe it is missing here) basically looks like a screen-scraping attack, and no amount of encryption will help. They may need rate limiting and/or they may need a CAPTCHA.

At the other end of the scale, if the attackers are able to bypass the web and application tiers and get direct access to an SQL database then having some fields stored encrypted in the database will help (under the potentially bold assumption that the attackers have been able to get or access the SQL database but not get the encryption key).

Insufficient information about the ANU attack has been made available.

(Regulations may require credit card numbers to be stored encrypted.)

2 Likes
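
An added illustration of the rate limiting mentioned in the post above (not code from the post or from any bank): a per-client sliding-window limiter replayed over constructed traffic. The client identifiers, the limit of 5 lookups per 60 seconds and the sample requests are all assumptions chosen for the example.

```python
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` lookups per client within `window` seconds."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self._hits = defaultdict(deque)  # client id -> timestamps of allowed lookups

    def allow(self, client, now):
        hits = self._hits[client]
        # Drop timestamps that have aged out of the window.
        while hits and now - hits[0] >= self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            return False  # over budget: the caller would reject or show a CAPTCHA
        hits.append(now)
        return True


def replay(requests, limit=5, window=60.0):
    """Replay (timestamp, client) lookups; return per-client allowed/blocked counts."""
    limiter = SlidingWindowLimiter(limit, window)
    totals = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for ts, client in sorted(requests):
        key = "allowed" if limiter.allow(client, ts) else "blocked"
        totals[client][key] += 1
    return dict(totals)


# Constructed sample traffic (not real data): one customer making an occasional
# lookup, and one scripted client issuing two lookups per second for two minutes.
SAMPLE = [(t * 45.0, "customer-a") for t in range(4)]
SAMPLE += [(t * 0.5, "script-b") for t in range(240)]

if __name__ == "__main__":
    for client, counts in replay(SAMPLE).items():
        print(client, counts)
```

Every lookup that is allowed still returns plain text through the normal interface, so the limiter only bounds how much one client can collect per window; it is keyed on whatever client identity the application can actually establish.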