That's a very difficult question. It's the nature of computer security and systems that you only discover years later you were breached.
Based on the calibre of the people I've met and what I know of their system, they have as good a series of protections as you could possibly have on any computer system to protect what they're doing. As to whether it could turn out at some point that there's been some malicious piece of code or some compromise running somewhere in there, it's almost impossible to say.
I think they're very savvy, very aware in monitoring their own environments and looking for patterns of strange behaviour that lie outside the norms. This is a pattern we're beginning to see elsewhere, with both the online banks and insurance companies in the U.K., but also with our taxation departments.
Even when I'm logged in to my tax account, despite the fact they've accepted proof of who I am by my logging in, they are running behavioural analytics in the background to see how I behave when I'm on their website. For 15 years I've been logging in and using my tax account. They probably have a pattern of behaviour they expect to see from me. If they see something different going on, that can automatically raise flags that perhaps somebody has hacked into my account, and they can close down access.