Here is the thing in the US and isp’s and companies. Any data that is collected and be subpoenaed.
This is one of the main reasons vpn companies do t keep access logs, because when they are subpoenaed the response would legally be, we don’t have that data.
In cases like this most companies and admins if they have an abuse email or can validate over the phone in cases like these. Admins will hand over details