They are so far out of their depth. It would be funny if not for the millions of man-hours wasted that evening and the almost certainty that the information collected will be pwned at some point.
The ddos was too small to even register on global attack map yet overwhelmed their configuration. And they believed that all the bad guys are overseas and can therefore be easily blocked on IP ranges. That strategy was never going to cut it. They clearly haven't looked at the paid er "load test services" on offer over the dark web. You know, the ones where you can select the country from which the attack should originate. The only thing that surprised me is that noone took credit for it. That combined with the lack of presence on digital attack map leads me to believe they ddos'd themselves by underprovisioning.