Unusually poor article - not like you, Reg?
I struggle to understand why there is criticism of CCP, or any company, for being "overly cautious" with customers credit card information? I applaud CCP for the way this has been handled.
You don't have to look far to find that the servers were in fact taken down voluntarily, by CCP, in order to protect user data. I suppose looking as far as CCP's twitter feed or facebook page is too much like journalism on this occasion? You could argue that Minecraft recovered rather quicker, but given that Minecraft is neither an MMO nor a subscription service, CCP's cautiousness is very much warranted.
Instead, this article paraphrases the scare-tactics of lesser publications by suggesting this is 'Hacktivism' which successfully highlights poor security. Firstly, as many have said, DDoS isn't hacking in the same sense as driving a truck through the door of a house isn't lock-picking.
Equally, successfully getting said truck through the door is not indicative that the door was insufficiently secure. Why are CCP expected to be able to fend off a massive DDoS attack, or any other extreme situation, and stay active as though nothing had happened?
Conversely, I'm sure their protection against actual, real hacking is more than sufficient. Switching off the servers for a mere 5 hours in the interests of protecting customer data is an effective if basic strategy that I'm perfectly happy with.