Regardless if it may be "early" to change one's PW because the SSL breach hasn't been fixed yet, I think it's a good idea to do this frequently anyway, i.e. every 6 months. Plus, if they are just now finding out about this breach after it's been here for a couple years, why not do it any way using a "secure/complex" PW on financial accounts just as a course of habit. It's my understanding that the URLs using the SSL are the ones beginning with https vs. http. So, that might suggest if you have any vulnerabilities.
Thoughts entering one's mind need not exit one's mouth!
As I age my memory fades .... and that's a load off my mind!
"We Live In The Land Of The Free, Only Because Of The Brave"
“The problems we face today are there because the people who work for a living are outnumbered by those who vote for a living."
"Socialism is a philosophy of failure, the creed of ignorance, and the gospel of envy, its inherent virtue is the equal sharing of misery." Winston Churchill