Santee School District, PowerSchool and Ramona Unified School District: ‘I was addicted to hacking’: Cybercriminal responsible for PowerSchool breach speaks out

Teen Hacker Behind Massive Education Data Breach Sentenced to Prison

A 20-year-old hacker, Matthew Lane, has been sentenced to four years in prison for orchestrating one of the largest education data breaches in history. Lane, who began hacking at 15, infiltrated PowerSchool, a California-based software provider serving over 18,000 school districts worldwide, using stolen employee credentials in 2024. He exfiltrated sensitive data, including Social Security numbers, birth dates, and medical records, transferring it to a server in Ukraine before demanding a $2.8 million Bitcoin ransom.

PowerSchool paid an undisclosed sum to prevent the leak of data belonging to an estimated 60 million students and 10 million teachers across the U.S., Canada, and other countries. The breach impacted several San Diego County school districts, including Rancho Santa Fe, Ramona Unified, and Santee, though San Diego Unified later confirmed its data was unaffected.

Lane, who has autism, described hacking as an addiction, driven by the thrill and financial rewards. He used ransom proceeds to fund a lavish lifestyle, including a penthouse and designer goods. Arrested by the FBI in his Massachusetts dorm room at 19, he expressed relief at being caught, stating he would have continued otherwise. A judge ordered him to pay over $14 million in restitution.

FBI Supervisory Special Agent Doug Domin called the PowerSchool hack one of the worst he’d seen, noting investigators traced the breach through financial transactions. Experts, including Fergus Hay of The Hacking Games, highlighted that many cybercriminals are young, neurodivergent individuals drawn to hacking through gaming communities, where pattern recognition and rule-breaking skills translate into cybercrime.

PowerSchool, which offered affected individuals two years of free credit monitoring, emphasized its commitment to data security but did not disclose the total number of victims. The case underscores the growing threat of juvenile hackers exploiting vulnerabilities in critical systems.

Source: https://www.10news.com/news/team-10/i-was-addicted-to-hacking-cybercriminal-responsible-for-powerschool-breach-speaks-out

Santee School District cybersecurity rating report: https://www.rankiteo.com/company/santee-school-district

Ramona Unified School District cybersecurity rating report: https://www.rankiteo.com/company/ramona-unified-school-district

PowerSchool cybersecurity rating report: https://www.rankiteo.com/company/powerschool-group-llc

"id": "SANRAMPOW1776177688",
"linkid": "santee-school-district, ramona-unified-school-district, powerschool-group-llc",
"type": "Breach",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '60 million students, 10 million '
                                              'teachers',
                        'industry': 'Education Technology',
                        'location': 'California, USA',
                        'name': 'PowerSchool',
                        'size': 'Serves over 18,000 school districts worldwide',
                        'type': 'Software Provider'},
                       {'industry': 'Education',
                        'location': 'San Diego County, USA',
                        'name': 'Rancho Santa Fe School District',
                        'type': 'School District'},
                       {'industry': 'Education',
                        'location': 'San Diego County, USA',
                        'name': 'Ramona Unified School District',
                        'type': 'School District'},
                       {'industry': 'Education',
                        'location': 'San Diego County, USA',
                        'name': 'Santee School District',
                        'type': 'School District'}],
 'attack_vector': 'Stolen employee credentials',
 'customer_advisories': 'PowerSchool offered two years of free credit '
                        'monitoring to affected individuals.',
 'data_breach': {'data_exfiltration': 'Transferred to a server in Ukraine',
                 'number_of_records_exposed': '70 million (60 million '
                                              'students, 10 million teachers)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security numbers',
                                              'Birth dates',
                                              'Medical records']},
 'date_detected': '2024',
 'description': 'A 20-year-old hacker, Matthew Lane, has been sentenced to '
                'four years in prison for orchestrating one of the largest '
                'education data breaches in history. Lane infiltrated '
                'PowerSchool, a California-based software provider serving '
                'over 18,000 school districts worldwide, using stolen employee '
                'credentials in 2024. He exfiltrated sensitive data, including '
                'Social Security numbers, birth dates, and medical records, '
                'transferring it to a server in Ukraine before demanding a '
                '$2.8 million Bitcoin ransom. PowerSchool paid an undisclosed '
                'sum to prevent the leak of data belonging to an estimated 60 '
                'million students and 10 million teachers across the U.S., '
                'Canada, and other countries.',
 'impact': {'brand_reputation_impact': 'Significant',
            'data_compromised': 'Social Security numbers, birth dates, medical '
                                'records',
            'financial_loss': 'Undisclosed ransom paid, $14 million '
                              'restitution ordered',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Fines and legal actions possible',
            'systems_affected': 'PowerSchool education software'},
 'initial_access_broker': {'entry_point': 'Stolen employee credentials'},
 'investigation_status': 'Completed (hacker sentenced)',
 'lessons_learned': 'Growing threat of juvenile hackers exploiting '
                    'vulnerabilities in critical systems; need for enhanced '
                    'security measures and employee credential protection.',
 'motivation': 'Financial gain, thrill-seeking',
 'post_incident_analysis': {'corrective_actions': 'Enhanced security measures, '
                                                  'credit monitoring for '
                                                  'affected individuals, legal '
                                                  'actions against the hacker',
                            'root_causes': 'Stolen employee credentials, lack '
                                           'of multi-factor authentication, '
                                           'insufficient monitoring for '
                                           'unusual activity'},
 'ransomware': {'data_exfiltration': 'Yes',
                'ransom_demanded': '$2.8 million in Bitcoin',
                'ransom_paid': 'Undisclosed sum'},
 'recommendations': 'Implement multi-factor authentication, regular security '
                    'audits, employee training on phishing and credential '
                    'security, and enhanced monitoring for unusual activity.',
 'references': [{'source': 'FBI Supervisory Special Agent Doug Domin'},
                {'source': 'The Hacking Games (Fergus Hay)'}],
 'regulatory_compliance': {'legal_actions': 'Restitution of over $14 million '
                                            'ordered'},
 'response': {'law_enforcement_notified': 'FBI',
              'remediation_measures': 'Offered two years of free credit '
                                      'monitoring to affected individuals'},
 'threat_actor': 'Matthew Lane',
 'title': 'Teen Hacker Behind Massive Education Data Breach Sentenced to '
          'Prison',
 'type': 'Data Breach, Ransomware'}