Peterborough Linux User Group (Canada) Forum

Linux & Android => Security and Privacy => Topic started by: Jason on December 29, 2019, 05:10:35 PM

Title: Linux VPN bug (The Register)
Post by: Jason on December 29, 2019, 05:10:35 PM
This Register article (https://www.theregister.co.uk/2019/12/06/vpnbusting_bug_spotted/) is from a few weeks ago about a vulnerability in how Linux connects to VPNs. It sounds like the miscreant has to be adjacent to the local network (not the VPN) to take advantage.

I have no idea if this affects PIA users but I've sent them an email just to be sure. I'll post their response when I get it. If anybody uses another VPN provider, I suggest contacting them as well. It sounds pretty serious.
Title: Re: Linux VPN bug (The Register)
Post by: Jason on December 30, 2019, 04:33:49 PM
I received a reply from PIA regarding the bug:

Quote
Hello Jason,

Thank you for contacting the PIA Helpdesk! I will be happy to address your concerns.

We are aware of the CVE-2019-14899 vulnerability on Linux systems. The latest version of our VPN app, 1.7.0, added mitigations to counter that weakness. You can download the latest versions of our application and see a changelog for each release here: https://www.privateinternetaccess.com/pages/changelog

If you have further questions, we'll be glad to answer them!


Best,

Nathanael M.
Customer Support Agent
A+, Net+, Sec+

I asked and received permission to post this email and Nathanael also mentioned that their official announcement can be found here (https://old.reddit.com/r/PrivateInternetAccess/comments/eblmbz/announcement_desktop_v17_release/).