Encryption or not, if I had access to the internal network how long until I had the DB system account credentials? Then I can bypass all the data access rules, or even create database clones and start stripping the logs. The possibilities are numerous. Then feed the data out a bit at a time.
More than likely it's not that nefarious or complicated. Someone did a bit a social engineering and got lucky or planned to get a very close set of credentials. Then physically walked in and grabbed the data. You don't even need the whole database. It's possibly a couple HR or project tables.
tl;dr Encryption wouldn't have stopped this when the crackers had internal access.