A 19-year-old college student from Massachusetts pleaded guilty on Tuesday for the massive December hack and ransom of PowerSchool, a North American software provider serving 60 million students.
Matthew D. Lane now faces 17 years behind bars for taking part in a December ransomware attack on PowerSchool, a cloud-based K-12 software provider for over 15,000 schools across the US and Canada.
Lane and other co-conspirators are accused of hacking into PowerSchool computer networks and stealing the personal data of 60 million students and 10 million teachers, according to the US Attorney’s Office for the District of Massachusetts, prosecuting the case.
The treasure trove of compromised data included such details as names, email addresses, phone numbers, Social Security numbers, dates of birth, medical information, residential addresses, parent and guardian information, passwords, and more.
🚨 #BREAKING Assumption University student charged in connection w/ the hacking into computer networks of two U.S.-based companies and extorting the companies for ransoms. 🚨@FBIBoston
undefined U.S. Attorney Massachusetts (@DMAnews1) May 20, 2025
READ: https://t.co/sYMSe22QPo
Lane, who allegedly gained access to PowerSchool systems using stolen credentials, apparently transferred the stolen cache of personally identifying information (PII) to a computer server he had leased in Ukraine.
“As alleged, this defendant stole private information about millions of children and teachers, imposed substantial financial costs on his victims, and instilled fear in parents that their kids’ information had been leaked into the hands of criminals – all to put a notch in his hacking belt, said US Attorney Leah B. Foley.
Hackers demanded millions in ransom - and were paid
PowerSchool admitted shortly after the breach to paying the hackers an undisclosed ransom demand (they had asked for $2.5 million in Bitcoin), but Lane and his crew did not stop there, and months later began attempting to extort dozens of school districts caught up in the original attack.
What’s more, prosecutors say Lane, who resides in Sterling, a small town in Worcester County, with a population of just over 7,000 people, pleaded guilty not only to the PowerSchool incident but also to hacking an unnamed US-based telecommunications company, which he also reportedly tried to ransom for $200,000.
“Matthew Lane apparently thought he found a way to get rich quick, but this 19-year-old now stands accused of hiding behind his keyboard to gain unauthorized access and obtain sensitive data, which was used in an attempt to extort millions of dollars, said Kimberly Milka, Acting Special Agent in Charge of the FBI, Boston Division.
According to court documents, Lane and others attempted to extort the telecommunications company sometime between April and May 2024. Lane and at least one co-conspirator from Illinois were said to have used encrypted messaging applications, anonymized email addresses, and online accounts to hide their identities and evade detection from the victim and law enforcement.
When the hacker crew allegedly threatened to leak the customer data stolen from the telecom in October 2022, the company pushed back, questioning if paying the ransom demand would end the threats.
Lane was said to have responded, “We are the only ones with a copy of this data now. Stop this nonsense [or] your executives and employees will see the same fate . . . . Make the correct decision and pay the ransom. If you keep stalling, it will be leaked.”
Officials say Lane faces up to 15 years in federal prison – five years for each charge of cyber extortion conspiracy, cyber extortion, and unauthorized access to protected computers – as well as three years of supervised release and a fine of up to $250,000. He will also serve a mandatory two years in prison for the charge of aggravated identity theft.
Lane was said to be a student at Assumption University, a private Catholic college in Worcester, Massachusetts. A sentencing date is yet to be scheduled.
Your email address will not be published. Required fields are markedmarked