The FBI has launched criminal action against the man accused of hacking Ticketfly and accessing more than 27 million accounts in 2018.

The cyber-attack forced the Eventbrite-owned firm to remain offline for more than four days, affecting millions of customers and thousands of venues and events operators.

Ticketfly admitted in 2018 that information including names, addresses, email addresses and phone numbers connected to approximately 27 million Ticketfly accounts was accessed. However, it said credit and debit card information was not accessed. The firm was reportedly warned by the person who claimed to be the hacker that it had a vulnerability that allowed him to access the firm’s entire database and website.

The FBI’s papers state: “On or about 27 May 2018, and continuing to at least 31 May 2018, in the Northern District of California and elsewhere, the defendant, with intent to extort from Ticketfly money and other things of value, transmitted in interstate and foreign commerce a communication containing a demand and request for money and other things of value in relation to damage to a protected computer, to wit, Ticketfly’s servers, where such damage was caused to facilitate the extortion.”

The FBI court paperwork says that the defendant attempted to extort Ticketfly for five days.

The FBI filing continued: “The defendant, with intent to extort from Ticketfly money and other things of value, transmitted in interstate and foreign commerce a communication containing a demand and request for money and other things of value in relation to damage to a protected computer.”

Eventbrite said in a statement: “We’re pleased to see that the alleged perpetrator of the malicious attack on Ticketfly that occurred in 2018 has been identified and indicted. We appreciate the efforts of the FBI and the United States Attorney’s Office in their continued pursuit of justice and for seeking closure for all involved.”

The FBI said that the maximum penalty for digital extortion is three years in jail and a $250,000 fine.