Do Son 
A 19-year-old college student from Worcester, Massachusetts has pleaded guilty to orchestrating a large-scale cyberattack on PowerSchool—one of the largest educational service providers, whose platforms are used by millions of students and educators. The crime resulted not only in the exposure of sensitive data, but also in the attempted extortion of millions of dollars in cryptocurrency in exchange for withholding the leaked information.
According to the U.S. Department of Justice, Matthew D. Lane admitted guilt on four federal charges: conspiracy to commit online extortion, extortion itself, unauthorized access to protected computers, and aggravated identity theft. The Department confirmed that Lane did not act alone—other accomplices are named in the case, though their identities remain undisclosed.
Investigators determined that as early as 2022, Lane and his co-conspirators breached an American telecommunications company, gaining access to its client data. During the intrusion, they also obtained login credentials belonging to an employee of a contractor affiliated with PowerSchool—credentials that would later become the key to infiltrating the educational platform.
Initially, the attackers demanded $200,000 from the telecom firm, threatening its leadership. When the ransom was not paid, they shifted their focus to PowerSchool. In December 2024, using the previously stolen credentials, they infiltrated the PowerSource platform and leveraged built-in administrative tools to exfiltrate entire databases.
The breach compromised the personal information of 62.4 million students and 9.5 million teachers across 6,505 school districts in the U.S., Canada, and other countries. The stolen data included names, addresses, phone numbers, passwords, parental details, Social Security numbers, medical records, and academic performance data.
On December 28, the perpetrators demanded $2.85 million in Bitcoin from PowerSchool, threatening to release the stolen information publicly if the ransom was not met. While reports suggest the company may have paid the ransom, the exact amount remains undisclosed. Even so, the attackers continued their campaign, sending follow-up extortion demands to individual schools—pressuring them to pay for the “non-disclosure” of compromised information.
According to school notifications and reports from DataBreaches.net, the ransom notes were signed by ShinyHunters—a notorious group previously linked to the Snowflake breach and the 2022 AT&T hack, which impacted 109 million users. Despite the arrest of several group members, it remains unclear whether the latest attack was carried out by remaining operatives or imitators seeking to divert suspicion.
Matthew Lane now awaits sentencing. He faces a mandatory minimum of two years in prison for identity theft and up to five years for each of the remaining charges.
This high-profile crime stands as yet another stark reminder of the vulnerability of even the most expansive digital infrastructures—particularly in the education sector, where vast amounts of personal data often remain insufficiently protected.
Donate