*there's always a possibility that the attacker tampered with the database. But it's nearly impossible to tell which data was tampered with and which wasn't, so either way they're in pretty hot water.
If only database technology was available for financial services where there is the ability to store transactions with auditable history as well as there being an archive log such that recovery to a point in time is possible. If only such a thing existed ....