If you encrypt them before using a service like MoveIt, a breach of MoveIt doesn't cause any records to be breached, because they are all encrypted by another program and key.
PKZip, 7-Zip, and other free encryption programs easily do this.
It doesn’t sound like the data breach was due to uploaded files but by failed database management / encryption. How do you figure file transfer in the clear was the problem?
I would not be surprised if various US government agencies didn't have master keys to decrypt anything encrypted with common encryption products.
Still, it would be much safer to pre-encrypt.