I'll confirm it
Seriously, they can't afford something more secure than WordPress? I work for a hosting company and 98% of all successful compromises we see come through WP. I'll give 10 to 1 odds to anyone who can show that WorstPress was not the vector for this compromise..