PowerSchool Breach Hacker Sentenced After Extorting Student and Teacher Data
Matthew Lane, a Massachusetts student, pleaded guilty and was later sentenced in a federal case tied to the breach of education software provider PowerSchool, an intrusion U.S. authorities described as the largest cyberattack in U.S. education history. Prosecutors said Lane used stolen contractor credentials and vulnerability-scanning tools to access the company’s network, then threatened to publish sensitive records unless he was paid about $2.85 million in Bitcoin. The compromised data reportedly covered roughly 60 million students and 10 million teachers, including names, phone numbers, addresses, Social Security numbers and, in some cases, medical information.
Authorities said Lane also extorted a separate telecommunications company for $200,000 by threatening to release customer data. The case triggered ransom payments and White House Situation Room briefings, and investigators later found that some stolen PowerSchool data was allegedly retained by another actor and reused in follow-on extortion attempts against school districts. Lane received a four-year federal prison sentence and was ordered to pay more than $14 million in restitution, while U.S. investigators continue pursuing alleged co-conspirators.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Lane is sentenced to four years and ordered to pay restitution
By April 2026, Lane had pleaded guilty and received a four-year federal prison sentence for his role in the PowerSchool breach. He was also ordered to pay more than $14 million in restitution, while investigators continued pursuing alleged co-conspirators.
U.S. prosecutors announce Lane will plead guilty
The U.S. Attorney's Office for the District of Massachusetts announced that Matthew Lane would plead guilty to charges tied to the theft and extortion of data from PowerSchool and a separate telecommunications company. The charges included cyber extortion conspiracy, cyber extortion, unauthorized access to protected computers, and aggravated identity theft.
Rogue actor reuses retained PowerSchool data in follow-on extortion
After Lane's arrest, some of the stolen PowerSchool data was allegedly kept by a rogue actor and later used in additional extortion attempts against school districts. This indicated the breach continued to create downstream risk beyond the initial intrusion.
Attackers extort PowerSchool over stolen student and teacher data
After accessing PowerSchool, Lane and co-conspirators allegedly threatened to release data belonging to about 60 million students and 10 million teachers unless they were paid roughly $2.85 million in Bitcoin. The stolen information reportedly included names, phone numbers, Social Security numbers, addresses, and medical histories.
Matthew Lane breaches PowerSchool using stolen credentials
Prosecutors said Matthew Lane used stolen login credentials to access the network of a software and cloud storage provider serving school systems, identified by reporting as PowerSchool. The intrusion exposed highly sensitive student and teacher data held by a provider used by much of North American K-12 education.
PowerSchool pays ransom after the breach
ABC News reported that the PowerSchool breach prompted ransom payments following the theft of education records. The incident was serious enough to trigger White House Situation Room briefings.
Sources
5 references tracked. Mallory keeps watching after this page renders.
'Addicted to hacking': Young hacker behind historic breach speaks out for 1st time, before reporting to prison - ABC News
abcnews.com
Open sourceMassachusetts 19-year-old pleading guilty to stealing, extorting teacher and student private data | AP News
apnews.com
Open sourceUS Teen to Plead Guilty in PowerSchool Extortion Campaign - Infosecurity Magazine
infosecurity-magazine.com
Open sourceDistrict of Massachusetts | Worcester College Student to Plead Guilty to Cyber Extortions | United States Department of Justice
justice.gov
Open sourcePowerSchool Admits Ransom Payment Amid Fresh Extortion Demands - Infosecurity Magazine
infosecurity-magazine.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
PowerSchool Data Breach and Ransom Attempt by Matthew Lane
Matthew Lane, a 19-year-old from Massachusetts, was convicted for hacking into the educational technology company PowerSchool and stealing sensitive personal data belonging to over 60 million students and 9 million teachers. Lane accessed PowerSchool's databases using sophisticated techniques, including VPNs, foreign servers, and stolen credentials, to evade detection. After obtaining the data, he demanded a ransom of $2.9 million, threatening to leak the information if his demands were not met. The exposed data included Social Security numbers, special education status, and medical conditions, putting millions at risk of identity theft and privacy violations. The breach became public in January, prompting PowerSchool to incur over $14 million in costs, which included providing identity theft monitoring for affected individuals. Prosecutors highlighted Lane's history of cybercrime, noting that he had previously targeted at least seven other victims, including foreign government entities, since 2021. In addition to the PowerSchool incident, Lane pleaded guilty to hacking a telecommunications firm in 2024 and demanding a $200,000 ransom. Prosecutors described Lane as acting out of greed, using the proceeds from his crimes to fund housing and luxury purchases, despite having legitimate career opportunities in technology. Lane also advised a co-conspirator on operational security, instructing them to use burner phones and wear gloves and masks when withdrawing money from ATMs with stolen cards. The court sentenced Lane to four years in prison, less than the seven years sought by prosecutors, and ordered him to pay approximately $14 million in restitution and a $25,000 fine. The sentencing memorandum detailed the significant impact of the breach on PowerSchool, including financial losses and reputational damage. The case underscores the growing threat of cyberattacks targeting educational institutions and the severe consequences for perpetrators. Prosecutors emphasized the need for deterrence, citing Lane's calculated and repeated offenses. The incident has raised concerns about the security of student and teacher data held by technology vendors. PowerSchool's response included notifying affected individuals and enhancing its cybersecurity measures. The case has drawn attention from both cybersecurity professionals and the broader public due to the scale of the breach and the young age of the perpetrator. Lane's sentencing marks a significant legal outcome in the fight against cybercrime targeting the education sector.
Mar 21, 2026
PowerSchool Breach Exposed Student and Teacher Data as Minnesota District Faced Suspected Ransomware
A breach tied to **PowerSchool**, a widely used K-12 software provider, exposed student and teacher information from school districts across the U.S., including New Jersey districts where officials said data on students and educators was stolen in a nationwide cyberattack. Reporting on the incident said the compromise affected records held by schools using the platform, raising concerns about the scale of exposure across the education sector and the security of sensitive K-12 data. Separately, **Spring Lake Park Schools** in Minnesota canceled classes and shut down technology systems after an outside actor gained unauthorized access to district networks in what officials described as a suspected ransomware incident. The disruption affected classes, child care, community education, and after-school programs, while the district worked with third-party cybersecurity experts, state law enforcement, and the **FBI** to contain the intrusion and restore operations; officials later said classes would resume and that they had no evidence at that point that personal information had been affected.
May 25, 2026
Canvas Breach Disrupted Schools and Exposed User Data via Free-for-Teacher Flaw
A cyberattack against Instructure’s **Canvas** platform disrupted universities and K-12 schools across the United States, with major California institutions including UC, CSU, USC, Stanford, and community colleges reporting outages and academic disruption during finals. Ransom notes attributed to **ShinyHunters** appeared on some school homepages, and the FBI said it was assisting victims in multiple states while warning students and staff not to engage with extortionists or scammers. Schools extended deadlines, changed exam schedules, and shifted to alternate communication channels as Canvas services were restored. Instructure said an unauthorized actor exploited a vulnerability tied to support tickets in its **Free for Teacher** environment, which the company temporarily disabled while conducting a broader security review. The company later confirmed unauthorized access to part of its environment and said exposed data could include usernames, email addresses, course names, enrollment information, student ID numbers, and user messages, while passwords, dates of birth, government identifiers, financial data, course content, submissions, and credentials were not compromised. The incident renewed scrutiny of centralized education technology providers after earlier education-sector extortion cases, including reports that **PowerSchool** paid a ransom following claims that data on **62 million students** had been stolen.
Jun 3, 2026