Even a fairly strict definition of hacker (what I might call a cracker) includes the possibility of exploiting other software bugs. Your bank data is usually only encrypted while going over the internet. On both ends, your PC, and the banks computer, it is often wide open.
If I were trying to crack the bank to steal money, I'd probably go after other possible software or human weaknesses, rather than trying to crack the encrypted data going over the net. It's not even clear what good cracking the data intransit would do me.
It is as if you hired an armored car to transport your pile of cash from the mattress in your apartment, to your uncle's shoebox in his garage. If I wanted to steal that money, I'd let the armored car pass, and either sneak in before to your apartment, or after to your uncle's garage, to steal it.
In this case, getting into your PC only nets me your money, while getting into the banks computer could net me the money of many customers, if I can just figure out how to get it transferred out to someplace I can use it, without leaving a trail that leads the investigators straight to me.
One of the uses for rootkits is to hide programs on your PC that will wait until you connect to your bank, and then add a few instructions to those you send along, asking for some money to be transferred out to the bad guys account as well.
Most likely, the banks computers get hit now and then as well. That's harder (one would hope) but more lucrative. We don't hear much about such attacks, as the banks tend not to publicize them, or as in this case, publicize them with insufficient or inaccurate details.
Thanks very much for your detailed reply. I hope that you're right, it's just that I had sort of understood that in the matter of financial operations on computers, all links in the chain were typically encrypted, or supposed to be at any rate. I don't pretend to be an expert on the systems used by banks, but it's easy to see that if there are unsecure elements in the chain, any of those elements, if compromised, could lead to a criminal having easier access to the system.
Hopefully this is what has happened and hopefully the systems used by banks in the US and UK are far more secure than those used ny the banks in South Africa.