Was this a hack or a DDOS
I'm confused by the reports of what's happened. Was this a DDOS or a hack?
Frankly, it sounds like a DDOS. Quite possibly one of those ransom attempts that seem popular these days. That would not result in data being taken, just in the site being offline.
If you are hacking to actually steal customer data, you do not flood the site with traffic*, but rather would try and sneak in undetected. If the data is exposed by the front end (which is unlikely but possible if there was some kind of SQL Injection vuln or something) then flooding the front-end with traffic is just going to make it unavailable for the hack, also.
So I'm a bit puzzled.
*I admit there is a chance it was a diversion.