Skip to content

US Teen found guilty in extortion scheme targeting PowerSchool

  • by
  • 2 min read

19-year-old Massachusetts college student Matthew D. Lane has pleaded guilty to orchestrating an extortion scheme targeting school software provider PowerSchool. The US Department of Justice (DoJ) has accused Lane of hacking into two US companies and demanding a ransom.

According to a court document published by the DoJ, Lane has pleaded guilty to one count of cyber extortion conspiracy, cyber extortion, unauthorised access to protected computers, and aggravated identity theft. The court document doesn’t mention PowerSchool, claiming the attacks were against “an education software provider.” However, BleepingComputer cited sources claiming the term is a reference to PowerSchool.

PowerSchool had announced a cyberattack that leaked user data in January 2025. The leaked data affected over 60 million students and 10 million teachers from over 6,505 schools globally. Stolen data included:

  • Student and teacher names
  • Addresses
  • Phone numbers
  • Parent information
  • Social Security numbers
  • Passwords
  • Medical data
  • Grades
  • Parent information and other contact details
This is an image of hacked security illustration 11

While such attacks are usually carried out using ransomware, this was a simple network penetration attack. The business emailed its clients that an unauthorised actor could gain access to its systems on December 28 using compromised credentials. PowerSchool reportedly paid a ransom to prevent hackers from leaking the stolen data to the public.

PowerSchool wasn’t the only target for Lane and his group, all unnamed in the DoJ court document. They had also hacked a US telecom company in 2022, stealing sensitive data. Between April and May 2024, Lane tried to extort the company for $200,000, but the attempt failed. The attack on PowerSchool followed shortly.

The DoJ claims that the hackers initially demanded $2.85 million from PowerSchool on December 28, 2024. The company ended up paying an undisclosed amount in ransom, but affected schools received ransom notes of their own.

If convicted, Lane faces charges for hacking both companies. The exact sentence remains to be decided, but Lane can have up to two to five years in prison with fines up to $250,000.

In the News: Malicious PyPi packages found exploiting Instagram and TikTok APIs

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

How to download print google calendar? | candid. Technology

Chinese hackers are using Google Calendar to target governments

Illustration: jmiks | shutterstock

Fake AI software installers are spreading ransomware

This is an image of router vs wifi

ASUS routers hacked in mass backdoor campaign

This is an image of dark web hacker security

Victoria’s Secret website taken down after cyber attack

This is an image of spyware malware cybersecurity privacy featured 31

Virgin Media’s O2 network exposed customer phone locations

This is an image of malware featured security

Hackers caught using fake AI websites to spread malware

>