The data allegedly stolen from D.C. police computers by hackers includes officers’ disciplinary records and information on criminal suspects.


An indictment was unsealed on Tuesday against a Russian man who has been accused of hacking the Metropolitan Police Department’s computer system two years ago and stealing more than 250 gigabytes worth of confidential files and documents, all of which were eventually published on the internet and led to scores of unflattering stories about the department’s practices.

Mikhail Pavlovich Matveev, 30, is accused of being a member of the hacking group Babuk, which engaged in a number of ransomware schemes in D.C. and New Jersey. He has been charged with intentional damage to a protected computer and threats relating to a protected computer. A reward of up to $10 million is being offered for his capture, and the U.S. Treasury Department has formally sanctioned him.

The hacking of MPD’s computers happened almost exactly two years ago, when a group of self-proclaimed “cyberpunks” stole a large cache of the department’s files and data and demanded a $4 million ransom payment to return them. The city briefly negotiated with the hackers, but ultimately decided not to pay the ransom, prompting the group to post the documents on the internet in full.

The data included private personnel information on police officers and recruits, but also reams of documents related to intelligence-gathering operations, disciplinary files, and sensitive documents on police practices. The documents spawned news reporting on MPD’s controversial gang database, an aggressive police initiative to tamp down on robberies, and intelligence briefs on right-wing activists. Working with Reveal, DCist/WAMU uncovered a pattern of police officers who broke the law being spared from firing by a little-known disciplinary panel.

“Data theft and extortion attempts by ransomware groups are corrosive, cynical attacks on key institutions and the good people behind them as they go about their business and serve the public,” said U.S. Attorney for D.C. Matthew Graves. “Whether these criminals target law enforcement, other government agencies, or private companies like health care providers, we will use every tool at our disposal to prosecute and punish such offenses. Thanks to exceptional work by our partners here, we identified and charged this culprit.”

Hacking and data breaches have become a more significant threat for government agencies and school systems across the country. Last year, another ransomware attack targeted Events D.C., the city’s sports and convention authority, leading to a significant loss of data and files. A more recent breach took place at D.C.’s health insurance exchange, though that was blamed on human error.

In 2017, a pair of Romanian hackers briefly took over two-thirds of MPD’s surveillance cameras ahead of the presidential inauguration. One of the hackers, Eveline Cismaru, pleaded guilty and was eventually deported.

In 2012, a less sophisticated hack against D.C. government servers brought down city websites for the better part of a day. The attack — launched by a teenager who had mistaken the D.C. government for the federal government — also targeted then-mayor Vincent Gray, whose personal data was briefly posted online. The hacker was eventually sentenced to three years’ probation for a number of cyberattacks.

“We want the indictment, sanctions and reward for Mikhail Matveev to sound an alarm in the ranks of cyber criminals all over the world,” said Special Agent in Charge James Dennehy, of the FBI’s Newark Field Office, in a statement on the MPD hack. “The FBI and our law enforcement partners, as well as our international partners, are coming after you.”