Funny thing is this exploit has been in existence for 2 years. Researchers just found it. Good on the CRA for shutting down their site until they fix it though. They are not alone, almost 2/3rds of https sites use OpenSSL as its the default encryption method Apache servers. Its not the default for windows servers so they are generally safe.
I know that Royal Bank's site and HRBlock is ok. But do your research for your own sites you use. I know people at work were losing their minds. "OMG I changed all the passwords on all my sites! Phew!" and their faces when I said its not fixed yet and they would have been better off not logging in at all as the exploit can only grab 64k blocks from memory at a time and memory is overwritten/purged often. So if they just left it alone their info would have been gone within minutes to a day most likely. But now every person on the planet is saturating memory blocks with their passwords...ripe for the picking now that any hackers who did not figure it out themselves now know its possible....this is what happens when the media grabs a hold of something tech and blows it up.