Defender 404 lockouts locked out all users for 300 seconds

We had an issue last week where a particular IP address was flooding our site looking for vulnerabilities which created a lot of 404 errors in the Defender logs.
Defender did detect these and locked that IP address for 300 seconds, however, for some strange reason all our members were also locked out by 404 protection at the same time instead of this single IP address.
Would like to know if possible how this happened, and if it could happen again. We're hoping it was just a one-off, but would still like to get to the bottom of why it locked every member out.