To help their cause, I have reported my CC stolen, so that I can get a new CC number. Also to help them along, I've made sure that I have two-factor authentication on my bank account and my email account. To help even more, I changed the signon name of my bank account. That doesn't mean that there isn't a flaw in bank's system, or somewhere in the systems/routines, but this should, hopefully, make exploiting their current data prohibitively annoying.
Security by obscurity: it actually works pretty well.