A Massachusetts student pleaded guilty in court to hacking two US companies and extorting them for ransom. One of the organizations appears to be PowerSchool.
The student, Matthew D. Lane, 19, was charged with extorting a $200,000 ransom from a telecommunications company in exchange for not publicly sharing data previously stolen from it.
According to the indictment (PDF), the telecoms provider was hacked in October 2022, and confidential customer information was stolen from its systems.
Last year, Lane and others conspired to extort the carrier, threatening to leak the stolen information unless the ransom was paid and telling it that they had the only copy of the data.
The indictment also alleges that, in September 2024, Lane used an employee’s stolen credentials to hack into the network of a company that serves school districts in the US and Canada, stealing the personal information of both students and teachers.
In December, Lane allegedly transferred the information, including names, addresses, Social Security numbers, medical information, and other data, to a server he had leased in Ukraine.
According to the indictment, on December 28, the company received a ransom demand alleging that the personally identifiable information (PII) of over 60 million students and more than 10 million teachers would be leaked online unless a ransom of roughly $2.85 million would be paid, in Bitcoin.
While the hacked company has not been named, the description of the intrusion and the number of potentially impacted individuals matches those associated with the massive PowerSchool hack that came to light in January 2025.
The California-based education tech giant, which provides K-12 software and cloud-based solutions for school operations globally, said in January that PII was stolen from its Student Information System (SIS) environments.
In March, CrowdStrike shared the findings of its investigation into the attack, revealing that compromised credentials for a maintenance account were used to access PowerSchool’s SIS service through the company’s PowerSource portal. The portal was initially accessed in August and September 2024.
Student and teacher data was exfiltrated from PowerSchool’s environment between December 19 and December 28, Crowdstrike said, adding that it found no evidence of malware deployment or unauthorized activity after December 28.
PowerSchool reportedly paid a ransom to ensure that the stolen information was not shared publicly, but the company has not confirmed it.
In early May, the Toronto District School Board (TDSB) revealed that a threat actor had started contacting school districts in the US and Canada, claiming it was in the possession of the stolen data and demanding new ransom payments.
“Members of the public who have questions or concerns as to whether a particular student and/or teacher’s information was compromised should contact their local school district,” the Department of Justice said on Tuesday.
Lane agreed (PDF) to plead guilty to hacking the two companies, but a plea hearing has not yet been scheduled. He could be fined hundreds of thousands of dollars, in addition to being sentenced to prison.
Related: Suspected Scattered Spider Hacker Pleads Guilty
Related: Two Members of LockBit Ransomware Group Plead Guilty in US Court
Related: Prison Sentence for Man Involved in SEC X Account Hack
Related: Indiana Man Sentenced to 20 Years in Prison for Hacking, $37 Million Crypto Theft
