[pgrote]

I think there is something wrong with it.

As a site that has access to financial records, I would expect them to explain in detail why they aren't affected and if they were ever vulnerable.

For instance, if they are using IIS (I know, I know) it would be an easy answer.

The fact they are not explaining clearly and in detail leads me to believe that there is/was something amiss.

The transparency expectation of them is greater.

[LocalPCGuy]

It looks like they are running Java servers on F5 Big-IP platform(s). I tend to believe it when they say they aren't vulnerable, and understand why they would not want to say any more about their architecture than they have to.

[ams6110]

Why do they have access to your financial records? Because you gave them the password to your bank account. The consequences of that action were only a matter of time.