Keyloggers are bad thing to have on any machine, it can be really bad on a server.
After all your security precautionary measures are in place, there is always a risk that something will happen. All you will do is reduce your risk, you can’t totally remove that risk. With numbers in the hundreds or thousands being discovered every day, eventually something will get in. Given enough time anything is possible.
I am surprised that this even made the news, I would think that something like this happens more then every week. It could be that newer data leakage laws that it’s being released, but it takes an informed reporter to understand the severity of something like this.