It doesn’t sound like the data breach was due to uploaded files but by failed database management / encryption. How do you figure file transfer in the clear was the problem?
If your files are encypted before they are put into MoveIt (where MoveIt claims they encrypt things), they are already encrypted, either at rest, or in transit.
This is not rocket science.
What can’t you understand?