It seems to me that the fundamental problem is not that they got hacked (although it seems that storing a decryption key in the same directory as the encrypted data is over the top careless), but their response to the disclosure that they got hacked. I realize that there may be limitations on exactly what they can say, but they should be as open as possible on what may have happened, what they are doing to protect their customers, and what their customers should do to protect themselves. Customers taking action when there wasn't a breach is less of a problem than not taking action when there was, in fact, a breach.

That's true -- it could indeed happen to anyone who keeps encrypted data adjacent to the keys.

Linode really needs to make a statement about what happened with this hack, stating if credit card information was taken. A lack of communication does not help me trust them. I'd rather have them speak up as to what happened and know if I need to have my CC reissued.

They may not know if CC info was taken or not.