In this day and age there is no need for a TalkTalk to retain sensitive bank data. It's no great leap of technology for an ISP (for example) and my bank to exchange a cryptographic token in order to transfer money between two accounts. This can be used on all subsequent occasions for further financial transfer between the two parties. Once set up the bank details can then be forgotten. What's more the exchange token would not be particularly secret once created. Using it, a malicious operator might be able to exchange money between the two named accounts, and that's about it.
A footnote to this is that data encryption would be no help whatever in the case of a so called website hack. Our media and politicians are starting to show their ignorance as days roll by.
