I think this is a good illustration of what Leo has been saying recently. It’s not enough to just use any VPN, since you’re just ‘kicking the can down the road’, you need to trust the provider. It seems like they don’t keep logs, but still, pretty concerning. I know NordVPN have been advertising very heavily for a while now, a lot of YouTube and Twitch sponsorships etc, so a lot of people impacted by this.
Edit: Here’s their official statement: https://nordvpn.com/blog/official-response-datacenter-breach/