I have no knowledge of the bank in question, but banks in general impose very strict password policies, requiring an obscure combination of upper and lower case letters, numbers and other characters.
Clearly then, if they have a strict password policy, it is impossible for such a vulnerability to exist unless a customer has disclosed his password or written it down. We should simply be grateful that they know so much more about the world of computers than we mere mortals could ever comprehend.