There are a lot of bogus CFAA cases but it seems like this one is within the boundaries of reasonable law enforcement if the description posted above [0] is accurate.

The quick summary is (reddit) OP's husband was fired from a job and used old unrevoked access to crash their servers, was briefly contracted to fix it before the company found out they were the source of the crash and terminated them again, then after all that he then gained access to their DR facilities and physically damaged a number of servers.

If that's true it seems like a pretty cut and dry CFAA case (with some extra normal crime on top to boot) and the main issue to take with it is the FBI using it as leverage to get him to compromise his TOR node.

[0] https://news.ycombinator.com/item?id=45262053