The service is just overloaded. I very much doubt that ISPs would take this action or react this quickly. See Kim Dotcom's tweet on the subject

Also, they totally botched the definition of PUE - a PUE score of 1.2 means that for every 1.2 watts delivered to the data center, 1 watt of it goes directly into powering the equipment itself and is not maintenance money, like UPSs, cooling, battery backups, etc. So ~83% of power going in is used directly for the IT equipment itself. That's fantastic; the typical data center runs about 2.5 PUE.

Not so. The University I go to has a number of library and lab machines that people log in to all the time. He easily could have done that, and I'm sure he did - installing keyloggers on laptops is a much more difficult task and is not "hacking", it's simply being a dick and definitely illegal. However, there is NOTHING in the article to suggest that's what happened. It's a simple case of a guy figuring out how to install a keylogger and how to read swipe cards. That's it. It says nowhere that he accessed their accounts or did anything past getting their account usernames and passwords.