I'm sure most companies don't keep the full card info around, but instead are given a handle that enables them to charge the card each month without keeping dangerous info around. (Handle is my word for something I surmise exists but have no proof thereof.)
None of the articles I've seen mention the existence of such a thing, and therefore, don't say whether that information was also compromised.
I mention it because I haven't heard anyone talking about having to replace their cards or to cancel and restart monthly #DigitalOcean billing.
One last thing. Historically, when a company is breached, they say "the incident only affected a small subset of our users / customers", then that subset gets larger and larger over time. In some cases, the subset eventually comprises the entire user / customer base.
>What is Tokenization?
>
>Tokenization is the process of swapping highly-sensitive personal payment data for a ‘token’, which comprises a number of random digits that cannot be restored back to their original value.