Only your database user credentials by default get encrypted or in actual get hashed by Oracle when they travel over network or resides in database . So how about data ? No it does not . data can be stolen in readable form if network is not secured or your data is not encrypted . To mitigate this problem other than network security organisation have widely started using SSL/TLS implementation between client and database communication .
Interesting fact is Network encryption (native network encryption and SSL/TLS) and strong authentication services (Kerberos, PKI, and RADIUS) are no longer part of Oracle Advanced Security and are available in all licensed editions of all supported releases of the Oracle database hence you don’t need to pay extra for this option to use . Once implemented connection over TCPS is secured between client and database. This is one of the important and required measure against data theft and becoming must to have requirement where data security can’t be compromised. DBAs read more here .