The ‘Seasoned’ Teen Hacker Behind the PowerSchool Breach
There’s an innate tension between school safety and students’ civil rights. Ӱ’s Mark Keierleber keeps you up to date on the news you need to know
;)
Education news and commentary, delivered right to your inbox.
Sign up for Ӱ newsletter.
School (in)Security is our biweekly briefing on the latest school safety news, vetted by Mark Keierleber. Subscribe here.
The Massachusetts teenager set to be sentenced next week for was a “seasoned cybercriminal” who has targeted educational institutions, government agencies and corporations since 2021, my latest investigation reveals.
Good morning and thank you for tuning in for a special edition of . Today, I turn your attention to Matthew Lane, who was a 19-year-old college freshman when he pleaded guilty earlier this year to carrying out a cyberattack on PowerSchool, stealing sensitive data from millions of students and teachers and leveraging it into
In my latest story published this morning, I reveal how according to threat intelligence research conducted by the cybersecurity company Cyble and provided exclusively to Ӱ. The company’s findings, which mirror sentencing documents released by federal prosecutors on Wednesday, conclude that Lane used advanced techniques to take down his targets including PowerSchool — a cyberattack attack that represented “a predictable escalation rather than an isolated incident.”
Federal prosecutors used similar language, maintaining that Lane’s “crimes were not a mistake resulting from an isolated lapse in judgment,” but rather part of a pattern of criminal cyber activity that dates back to at least 2021.
Sign-up for the School (in)Security newsletter.
Get the most critical news and information about students' rights, safety and well-being delivered straight to your inbox.
In an analysis of digital fingerprints and data breaches, Cyble analysts concluded that Lane had been when he was still in high school. Targets included an alcoholic beverage company, a major U.S. supermarket chain, an Indonesian telecommunications company and the Colombian armed forces, Cyble said. In Wednesday’s memo, prosecutors allege that Lane has hacked at least eight targets, including “foreign government entities.” To this day, prosecutors said, most of the millions of dollars he extorted remains unaccounted for.
In federal district court in Worcester, Massachusetts, on Tuesday, they will ask the judge to sentence Lane, who was known to many in his life as a soft-spoken gamer and skilled computer programmer, to seven years in prison and more than $14 million in restitution.
Did you use this article in your work?
We’d love to hear how Ӱ’s reporting is helping educators, researchers, and policymakers.
