I've sworn by PIA for years, but, as Ray said near the beginning of
Ghostbusters, I won't touch NordVPN with a ten-meter cattle prod:
https://www.techradar.com/news/whats-the-truth-about-the-nordvpn-breach-heres-what-we-now-know
https://krebsonsecurity.com/2019/10/avast-nordvpn-breaches-tied-to-phantom-user-accounts/
The one thing that NordVPN is
really good at though is spreading their brand feces all over the Internet by putting tons of ads up wherever they can, getting spotlighted in puff pieces on the mid and lower tiers of the tech media, and sponsoring quite a few YouTubers (I winced when they sponsored one of
Simone Giertz's episodes a few months ago, because she's an awesome maker in Adam Savage's circle of friends).
It may have been several months since the breach was acknowledged and supposedly fixed, but that breach was active for about a year before that and their official responses didn't fill me with confidence, especially since they didn't even dial back their ads/YT sponsorships a bit when the breach was publicized.
If NordVPN spent as much time and money in securing their network (which is also
their product) as they did in buying buttloads of ads and sponsorships, they might not have to deal with breaches as severe as that one was.