Cosko took advantage of another employee's key to break into Hassan's office at least four times, using keyloggers to help him swipe login credentials and grab sensitive data. He published the Senators' information in September after he got "angry" at their line of questioning for Supreme Court nominee Brett Kavanaugh. Staff caught him in the act in October, and that same day he used an anonymous email address to threaten the release of "everything" if witnesses told others.
Cosko's plea covers five charges, including two for publishing restricted personal info as well as one each of computer fraud, obstruction of justice and witness tampering. He faces sentencing on June 13th, and attorneys believe he could serve between 30 to 57 months in prison.
It's not clear that other doxxing attempts would serve a similar sentence. There have been legislative efforts to make doxxing a specific crime in the US, but they haven't progressed far (2017's Online Safety Modernization Act got stuck in committee, for instance). Cosko is facing the prison time he is because of his intrusions and who he was targeting, and it might be another story if he'd targeted everyday people using social engineering and other subtler methods to obtain personal data.