A secure democratic Net is a fundamental right

So to use this many accounts, one would need to set up a number of new accounts in other banks (a few at a time and more than one so that the number of transactions to a given account would not be too high), then siphon a little bit of money off a few stolen accounts to some of the new accounts, withdraw the money, then close the new accounts almost immediately. The amount withdrawn would need to be random and small enough to escape detection for at least a few days. Anything faster would surely raise suspicion and cause automatic transaction blocking (at least, if the banks have some kind of working fraud prevention), especially since the announcement of the stolen data up for sale. I can also imagine adding a fraud check for a slurry of never-seen-before transactions to new accounts. Wire transfers would be quickest, yet they would also stand out more (since a bunch of new wire transfers from accounts which had never made a wire transfer before would be unusual -- the likely case for most accounts). 

The 12 million price tag seems like a number arrived at by the thieves after taking into account the difficulties to be faced in exploiting the 21 million accounts while they are still exploitable. It seems likely that any purchaser would in turn sell them again in smaller blocks (a lot safer that way, relatively speaking). 

source