You might want to add the proper context that the servers were siezed by authorities (so not stolen) and they were very transparent about the fact that it was a legacy system. They also followed with a plan to rectify, including third part audits. Every organization makes mistakes, it’s how they respond that matters.
If you’re looking for a VPN provider that hasn’t had issues ever in their history, good luck. You’ll just end up with the ones who lie and cover up incidents.