There's gonna be lots of those IMHO. GDPR will change a lot how IT companies manage their businesses and security as well. And I can't see American companies complying a lot with EU laws...Tense moment we live in.
I'm thinking this breach will only draw more attention to NordVPN, ever since yesterday I can't browse Reddit without seeing somewhere something about NordVPN. Anw, I read this article and it's an interesting story, this article picked good examples from Reddit. TechCrunch article that started all this didn't even name a "security researcher" who blamed Nord for lack of security, then official Nord statement came out with an explanation how some Finish company messed up their security and kept it secret. GG, TechCrunch for showing that profits (they're owned by Verizon that also has a VPN, LOL) matter more than objective journalism.