we're not aware of anyone's data being compromised.
Well, if you're not using HTTPS, you wouldn't be aware of it, almost by design. Not being aware of the man-in-the-middle doesn't mean he isn't there. All it takes is a poisoned DNS server, redirecting requests to a proxy, and someone can be listening in on all the unsecured connections for any domain that DNS server is serving up the address for.