Computer hacker and former college student Matthew Lane — who was a teenager when he carried out a massive cyberattack on education technology company PowerSchool — was sentenced in federal court on Tuesday to four years in prison and ordered to pay more than $14 million in restitution. 

Lane, a former Assumption University freshman who federal prosecutors described as a sophisticated and experienced cybercriminal, told a federal judge that his crimes occurred during an “extremely dark time in my life,” but acknowledged, “I deserve to be punished.” In June, Lane pleaded guilty to what is widely considered the largest exposure of private student data in history, a breach that compromised the sensitive information of some 60 million students and 10 million educators.

“I robbed actual people and their families of their sense of security,” Lane, now 20, told U.S. District Court Judge Margaret Guzman, his shaggy hair obscuring his eyebrows and the tops of his glasses, adding he was “thankful I got caught.”

Lane said he takes “full responsibility” for his crimes but that he was “disconnected from reality” while he engaged in hacking. He has since become “sober not just from drugs, but from the internet as well,” he told Guzman.

Accompanied in court by family members and several friends, Lane broke down and sobbed after learning his sentence, which includes three years of supervised release and a $25,000 fine.

He was convicted of cyber extortion conspiracy, cyber extortion, unauthorized access to protected computers and aggravated identity theft. Federal prosecutors were seeking a seven-year prison term, describing Lane in a sentencing memo as being motivated by greed and said the threat to Powerschool warned, â€œwe fully intend to destroy your company and bankrupt it to the point of no absolute return ” if it didn’t meet a $2.85 million ransom demand in Bitcoin.

ł˘˛š˛Ôąđ’s sentencing concludes a yearlong cybercrime saga, which began in September 2024 when prosecutors say he hacked into PowerSchool’s computer network and transferred stolen records to a leased server in Ukraine. About three months later, PowerSchool officials received the extortion demand to prevent sensitive student and teacher data — including the Social Security numbers of children as young as 5 — from being leaked “worldwide.” 

Lane also pleaded guilty to working with an unnamed co-conspirator from Illinois to extort $200,000 from an unnamed U.S.-based wireless telecommunications company between April and May 2024 before he discussed the “need to hack another shitty company that[’]ll pay” and set his sights on PowerSchool. 

Guzman, who appeared sympathetic to ł˘˛š˛Ôąđ’s young age at the time he carried out multiple cyberattacks, said the case should serve as a cautionary tale to parents everywhere and expressed alarm about the “breadth and reach of technology” to commit crimes anonymously. Guzman said the challenges Lane faced as a teenager, including social isolation and struggles to fit in with his peers, made him “vulnerable to falling through the rabbit hole.” 

Guzman said society can’t go back to the days of typewriters and television sets with just five channels. But parents have placed computers in their children’s bedrooms and provided cell phones to grade schoolers without proper guardrails. Lane, she said, won’t be the last one to exhibit “bravado behind the screen of a computer.” 

Defense attorney Sean Smith asked the judge to sentence Lane to three years in prison and three years of supervised release. Smith said Lane was “very much cognizant of the seriousness” of his offenses and that he pleaded guilty and “admitted fault almost from the get-go.” 

Smith said Lane was a teenager when the cyberattacks unfolded and had no previous convictions. Letters of support submitted by family members to the court made clear Lane was “a generous, loving, patient individual,” who grappled with loneliness, depression and anxiety.

The seriousness of ł˘˛š˛Ôąđ’s actions “can’t be overstated,” said Assistant U.S. Attorney Kristen Kearney, who called his behavior “calculated.” The PowerSchool data breach has caused real harm to millions of people, she said, who now face stifled job prospects, heightened insurance costs and other harms that will follow them “for the rest of their lives.” 

Kearney noted that Lane made several efforts to conceal his identity and avoid detection and was financially motivated: He desired designer clothes and jewelry, she said, and to “host parties at extravagant Airbnbs.” 

Lane “did not make a teenage mistake” or get “mixed up with the wrong crowd,” she argued, but carried out “carefully planned attacks” for financial gain. Personal statements that put Lane in a positive light, she said, showed he was living “a double life.” In the online world, she said, digital chat messages included racial slurs, antisemitism and threats of sexual violence. 

The prosecutor challenged ł˘˛š˛Ôąđ’s request for a three-year prison sentence, arguing that other cybercriminals could see it as the cost of doing business if they have millions of dollars in cryptocurrency waiting for them after their release. Lane returned about $160,000 to the government, according to a sentencing memo released last week, but roughly $3 million remains unaccounted for. 

Kearney also disputed Smith’s assertion that Lane was a first-time offender at the time of the PowerSchool breach, despite his absence of a criminal record. Last week, federal officials accused him of carrying out at least eight cyberattacks dating back to at least 2021 when he was still in high school.

Prosecutors said the PowerSchool attack resulted in more than $14 million in damages, including the ransom payment and identity theft services for the students and teachers who were victimized. 

In a statement to ĂŰĚŇÓ°ĘÓ on Tuesday, PowerSchool said it “appreciates the efforts of the prosecutors and law enforcement who brought this individual to justice” and that the company remains focused on “supporting our school partners and safeguarding student, family and educator data.”

After the sentencing hearing, a tearful Lane, who wasn’t immediately taken into custody, was embraced by friends and family members. 

“I’m sorry, guys,” he said to four friends outside the courtroom, exchanging hugs and handshakes before getting into an elevator. “I love you guys.”

The Massachusetts teenager set to be sentenced next week for  was a “seasoned cybercriminal” who has targeted educational institutions, government agencies and corporations since 2021, my latest investigation reveals. 

Good morning and thank you for tuning in for a special edition of . Today, I turn your attention to Matthew Lane, who was a 19-year-old college freshman when he pleaded guilty earlier this year to carrying out a cyberattack on PowerSchool, stealing sensitive data from millions of students and teachers and leveraging it into 

In my latest story published this morning, I reveal how  according to threat intelligence research conducted by the cybersecurity company Cyble and provided exclusively to ĂŰĚŇÓ°ĘÓ. The company’s findings, which mirror sentencing documents released by federal prosecutors on Wednesday, conclude that Lane used advanced techniques to take down his targets including PowerSchool — a cyberattack attack that represented “a predictable escalation rather than an isolated incident.”

Federal prosecutors used similar language, maintaining that ł˘˛š˛Ôąđ’s “crimes were not a mistake resulting from an isolated lapse in judgment,” but rather part of a pattern of criminal cyber activity that dates back to at least 2021.

In an analysis of digital fingerprints and data breaches, Cyble analysts concluded that Lane had been  when he was still in high school. Targets included an alcoholic beverage company, a major U.S. supermarket chain, an Indonesian telecommunications company and the Colombian armed forces, Cyble said. In Wednesday’s memo, prosecutors allege that Lane has hacked at least eight targets, including “foreign government entities.” To this day, prosecutors said, most of the millions of dollars he extorted remains unaccounted for.

In federal district court in Worcester, Massachusetts, on Tuesday, they will ask the judge to sentence Lane, who was known to many in his life as a soft-spoken gamer and skilled computer programmer, to seven years in prison and more than $14 million in restitution. 

Sterling, Massachusetts 

Matthew Lane peeked his head through a window at his parents’ house on a wooded, winding road, and, with apprehension, opened the front door. 

The chime of the doorbell at the gray, two-story house, which sent the family dog into a fit, wasn’t expected — or welcomed. 

ł˘˛š˛Ôąđ’s had been the subject of speculation and intrigue since May when federal prosecutors announced the rail-thin, shaggy-haired 19-year-old college freshman had confessed to a ransomware attack on education technology behemoth PowerSchool. 

Federal prosecutors accused Lane of collaborating with at least one unnamed co-conspirator to steal the sensitive records of more than 60 million students and 10 million educators. Claiming to be part of a “notorious hacking group,” he used the stolen data to extort nearly $3 million from California-based PowerSchool. Though charging documents describe the education technology company as “Victim 2,” extensive details released by the government align with the company’s disclosure about the breach. 

Lane pleaded guilty to the breach — widely considered the largest exposure of private student data in history — in June and is scheduled to be sentenced in federal court on Tuesday. 

“Money and greed” motivated his actions, released on Wednesday that states Lane wanted “to buy designer clothes, diamond jewelry and luxury vehicles” while spending funds on “extravagant rental apartments and near daily fast-food delivery.” Lane returned about $160,000 to the government, but roughly $3 million remains unaccounted for, according to the sentencing report.

Federal prosecutors, who charged him with computer fraud and aggravated identity theft, are seeking a seven-year prison sentence and more than $14 million in restitution.

His “crimes were not a mistake resulting from an isolated lapse in judgment,” the memo alleges, but rather part of a pattern of criminal cyber activity that dates back to at least 2021, when he was still in high school. His targets include at least eight victims total, “ranging from a school athletic association to private companies to foreign governments.” 

Open-source reporting and a threat intelligence report obtained by ĂŰĚŇÓ°ĘÓ from cybersecurity firm Cyble reveal details of what that past cyber crime life looked like. They provide evidence that , who was known on the Worcester, Massachusetts, campus for being socially reserved, took on flamboyant, meme-inspired personas in online cybercrime communities that were highly active for years. 

In the physical world, Lane appeared to keep a low profile around town — and he hoped to keep it that way. 

“Please leave” Lane told a reporter who traveled to his hometown in August to learn more about the teenager described by federal prosecutors as “hiding behind his keyboard” to carry out “get rich quick” cyberattacks.

ł˘˛š˛Ôąđ’s attorney, Sean Smith, didn’t respond to requests for comment.

Prosecutors said Lane “grew up in a safe, small town” with what the teenager himself described as “loving and nurturing parents” and close relationships with all his family members. It was here in Sterling — a middle-class enclave of fewer than 8,000 residents — where neighbors watched a parade of Federal Bureau of Investigation agents park outside the Lane residence and conduct an early-morning raid this spring.

For cybersecurity professionals following the PowerSchool case, ł˘˛š˛Ôąđ’s indictment, which was publicized by federal law enforcement as a major score in their crackdown on cybercrime rings, . Among them, to a network of young, for and

Cyble leverages open-source intelligence techniques and proprietary tools to track the online behaviors of threat actors and help businesses manage their cyber risks. The firm provided threat intelligence research exclusively to ĂŰĚŇÓ°ĘÓ that aligns with prosecutors’ assertions in ł˘˛š˛Ôąđ’s sentencing report. 

Cyble researchers identified digital personas it connected to Lane and tracked their account behaviors on a cybercrime forum and across the web. These threat-actor accounts “systematically targeted educational institutions, government agencies and corporate networks since 2021,” citing the same year as federal prosecutors. 

These earlier hacks and data breaches, Cyble said, affected an alcoholic beverage company, a major U.S. supermarket chain, an Indonesian telecommunications company and the Colombian armed forces. 

To bring down targets without detection, the threat actor behind the accounts leveraged the techniques of “experienced hackers,” Cyble Chief Product Officer Kaustubh Medhe said. The PowerSchool hack was “a predictable escalation rather than an isolated incident,” Cyble analysts concluded, and was not the work of a “first-time offender” but rather “a seasoned cybercriminal.” 

“We wouldn’t treat him like an amateur,” Medhe said. “In no way can we say that he was just a young kid who struck rich.”

The sentencing report similarly describes ł˘˛š˛Ôąđ’s conduct as “sophisticated, involving virtual private networks, eSIMs (a digital, more secure version of a physical card), anonymized email addresses and phone numbers, stolen credentials and foreign servers.”

Federal prosecutors accused Lane of working with a co-conspirator to extort $200,000 from a U.S.-based wireless telecommunications company before discussing the “need to hack another shitty company that[’]ll pay.” 

PowerSchool became that next victim, prosecutors say.

The extortion pipeline

Online fingerprints that Cyble used to connect the digital aliases “,” “netsaosa,” “fuckmarykill” and others to Lane show they have been exploiting vulnerabilities since the defendant was barely old enough to drive. Then the hacker bragged about it. 

On a now-defunct online cybercrime marketplace, that security researchers pegged to Lane, in part from an exposed IP address,  appeared to boast of attention-grabbing exploits: “ive been on news sites a few times,” g0re wrote in a signature line. 

As news of ł˘˛š˛Ôąđ’s connection to the PowerSchool case circulated around Sterling, neighbors said they were thankful  he wasn’t arrested for dealing drugs. But few people knew the young man accused of carrying out the crime. 

“I’ve never heard of him, but he can go to hell,” said one patron at B-Man’s 140 Tavern, a biker bar on the outskirts of town that’s known as a hub for local gossip. A police department dispatcher said she didn’t know anything about the case beyond the highlights that made the local news and the executive director of the local public access television station said he was similarly out of the loop. 

To people who knew Lane, the indictment was a shock. Neighbors, former classmates and a college professor described him as a soft-spoken gamer and a skilled computer programmer. 

One former classmate, Quinton Brien, said Lane didn’t “seem interested in school” and recalled the high schooler selling nicotine vapes to his underage classmates. His class portraits appear in the regional high school yearbook, but he doesn’t show up as participating in any sports teams or extracurricular clubs. 

High school friend Pia Bogieczyk said Lane is “kind of goofy” and introverted. The two bonded over the video games Minecraft and Fortnite, Bogieczyk said, and although her friend was a computer wiz, she didn’t expect him to get caught up in cybercrime. 

“I figured he would be good enough at computer stuff to do that, if that makes sense,” she told ĂŰĚŇÓ°ĘÓ, but “I didn’t think he would be using his skills for malicious purposes.”

On X, attributed to Lane offers insights into his personality — and his connections. The profile features a hatred of Hallmark Christmas movies, a disclosure of being “mentally ill,” a love for video games and a deep interest in anime — especially a dystopian Japanese cartoon about a lonely girl who immerses herself in an interconnected and increasingly strange digital world. 

The account also for Conor Fitzpatrick, who was a New York teenager when he , an online community where hackers sold stolen data and hacking tools. Fitzpatrick was and in September was for launching what federal officials called “one of the world’s largest English language hacking forums.” BreachForums, which has suffered several data breaches itself, has been  

Cyble analysts found these online aliases’ forays into hacking began with benign efforts to identify and report computer security flaws before progressing over several years to leaking original data breaches “and ultimately to extortion.” 

‘A notch in his hacking belt’

When federal officials announced , the Department of Justice accused the teenager of using stolen credentials in September 2024 to hack into PowerSchool’s computer network and transfer sensitive files to a leased server in Ukraine. On the night he leased the server, Lane told his girlfriend he was “gonna be on the laptop” because “I just need to actually make $ for a second,” according to the sentencing report.

About three months later, in December, PowerSchool officials received a demand for about $2.85 million in Bitcoin to prevent sensitive student and teacher data — including the Social Security numbers of children as young as 5 — from being leaked “worldwide.” 

“Final note, we fully intend to destroy your company and bankrupt it to the point of no absolute return if the ransom is not paid,” the hacker warned PowerSchool, according to the sentencing memo. The attack cost the company more than $14 million, according to the court documents, including the ransom payment and identity theft services for the students and teachers who were victimized. 

The cybercrime was “a serious attack,” U.S. Attorney Leah Foley said in a press release, and that Lane “instilled fear in parents that their kids’ information had been leaked into the hands of criminals — all to put a notch in his hacking belt.”  

In interviews with federal law enforcement after they searched his college dorm, Lane initially “fabricated a story about receiving packages of cash,” denied engaging in extortion “and only admitted his conduct when faced with his indisputable text messages,” according to charging documents. 

The PowerSchool data breach made international headlines earlier this year in part because it encompassed highly sensitive records about students, including their mental health and . The company, acquired by the Boston-based private equity firm Bain Capital for $5.6 billion last year, operates a digital platform that helps schools track students’ attendance, grades and other data. More than 18,000 educational institutions globally and 90 of the 100 largest U.S. school districts rely on PowerSchool software, the company claims. 

The company, which has faced criticism for delays in notifying affected students and educators about the ransomware attack, was hit with dozens of lawsuits over its failure to keep sensitive data secure. In September, Texas Attorney General Ken Paxton announced a lawsuit against the vendor, accusing it of about the strength of its cybersecurity features. 

PowerSchool is “committed to protecting student data and ensuring the safety of our systems,” a company spokesperson said this week in a statement to ĂŰĚŇÓ°ĘÓ.

“Following the 2024 security incident, we promptly notified our customers and provided ongoing updates as new information became available,” the statement reads. “We continue to work closely with affected districts and law enforcement to ensure transparency and accountability.”

PowerSchool , but quickly backtracked to disclose it paid the cybercriminals an unspecified extortion demand to keep students’ sensitive records from spreading online. 

Then, local school leaders in several states . In May, district administrators reported receiving ransom demands for cryptocurrency payments to stop their stolen PowerSchool records from being exposed. In North Carolina, the state education department received a demand from a threat actor a cybercrime group that’s taken credit for .

That email, obtained by the cybersecurity blog , and CyberScoop, have raised questions about ł˘˛š˛Ôąđ’s , which at one point operated BreachForums. Cybersecurity analysts have “loosely knit band of primarily English-speaking miscreants” involved in hacking, extortion and “real-life violent crime for a price.” 

Medhe of Cyble said his researchers have found no evidence that ShinyHunters had a role in the PowerSchool hack, noting that anybody can “create a fake email account” and pretend an alliance with an international cybercrime syndicate. But the evidence makes clear that Lane “wasn’t acting alone,” he said, theorizing that it’s only “a matter of time” before federal officials announce the indictment of his unnamed co-conspirator. 

After organizations fall prey to a data breach, it’s common for them to experience “secondary victimization” where stolen records are leveraged multiple times by different hackers, said Yanna Papadodimitraki, a research associate at the . 

“Data can never be taken back in many ways,” she said. “Probably, the students and the teachers will be having quite a lot to deal with in the years to come.” 

‘Social relationships, albeit online, are key’

The PowerSchool breach may be ł˘˛š˛Ôąđ’s biggest cyberattack, but the Cyble threat intelligence report indicates his entry into cybercrime began closer to home. 

The Lane-identified hacker aliases g0re and netsaosa for a cyberattack on the Massachusetts Interscholastic Athletic Association website, which stalled the release of the statewide brackets for upcoming  tournament games. The association that oversees high school sports was targeted, the threat actor at the time, because “I was bored.” 

When the hacker alerted the group to vulnerabilities on their site, “they ignored me. ignored me. ignored me.”

Lane was 16 at the time. 

Lane is far to get caught up in organized cybercrime. The trope of a teenage hacker tapping away in his parents’ basement is . Indeed, many of the most devastating hacks in recent memory — including   — have led to the . 

“Most of these criminals tend to have a better understanding of the local businesses, the local institutions, and what type of sensitive data they are likely to hold,” Medhe said. “And they’re most likely to target some of these institutions that they know about before going global.” 

The pathway to cybercrime for teens often begins in video gaming communities devoted to cheat codes that are used to modify the playing experience and gain an advantage, by the National Crime Agency in the United Kingdom. Such digital meetups can serve as a first stop before they move on to criminal forums that dispense “low-level hacking tools” and where “social relationships, albeit online, are key.” 

The thrill of the chase and accumulating internet points in cybercrime forums — not money — are often prime motivators, according to the British law enforcement agency, which found that just a small number of hackers work their way up the ranks to “the very technically skilled cybercriminal.” 

, published in 2023 by researchers in the Netherlands, identified two dozen “risk factors for cyber-offending,” such as being a young male with “low self-control and deviant peers.”

Youthful hackers generally turn to online communities “not only as a way to build expertise, but to gain a reputation, gain insights from others and buy and sell services,” said Thomas Holt, the director of the Michigan State University Center for Cybercrime Investigation & Training, and the entry points and motives for teen hackers. In , Holt found young people “whose peers used drugs, shoplifted and played computer games were more likely to engage in hacking.” 

“Now you can pay for a denial of service attack, as an example, whereas 20 years ago you’d have to know how to run it yourself,” Holt said, referring to a type of attack that overwhelms a computer network’s capacity and renders it unable to function. “All you need is an internet connection and some forums — maybe some YouTube videos — to become proficient, at least in today’s world.” 

Papadodimitraki of the , whose research focuses on youth delinquency, has questioned the role video games play in cybercrime. Her own work points to many of the same factors that are correlated with other crimes, including poverty, trauma, poor social connections and school exclusion. 

“But what we seem to be seeing when it comes to gaming and cybercrime is an overall interest in technology,” she said. “So gaming is just a part of that.”

BreachForums user logs leaked in 2023 show the g0re account was created using a VPN to mask the hacker’s identity, according to a Cyble analysis of the data breach. The account, researchers found, was among the earliest BreachForums members, with User ID 17. The user’s “last recorded activity,” researchers found, pointed to the IP address of the Lane household in Sterling, Massachusetts. The lapse suggests “operational security degradation over time,” they wrote, and may have played a part in ł˘˛š˛Ôąđ’s ultimate capture.

Lane is accused of going to elaborate lengths with an Illinois-based co-conspirator to cover their tracks so that investigators “will literally find nothing.” Prosecutors allege Lane used an “anonymized email address” to communicate with breach victims and Signal, the encrypted messaging app, to communicate with the co-conspirator. The two discussed directing their criminal proceeds to cryptocurrency wallets, transferring those funds to anonymous virtual credit cards and wearing masks and gloves when taking that money from ATMs. They also talked about using money mules to withdraw the cash for them.

The Cyble threat intelligence report notes Lane was also active on Telegram, the privacy-branded messaging app that’s become a popular hangout for cybercriminals. 

“The sophistication and planning involved in his crimes and the steps he took to conceal his identity—including identifying which victims to target, gaining access to their networks, negotiating ransom payments with professional cybersecurity companies, hiding the flow of funds from the ransom payments to himself and others — belies any argument that Lane was too young to understand what he was doing was wrong,” prosecutors allege.

Calling the cops

On one online forum similar to BreachForums, which is still in operation, PowerSchool exploits have been a subject of discussion for years — with student users seeking ways to change their grades and stay out of trouble with their parents. 

In one post, a user gave forum members instructions on how to spoof “the painfully evil grade checking website,” albeit temporarily, to “show off or to prove to your mom that you’re a good student.” 

The trick was a hit.

“OMG dude i love you,” one user wrote. “This just saved my xbox till my school calls home.” 

Bogieczyk, who played the video game Minecraft with Lane while in high school, recalled him taking Advanced Placement Computer Science courses and finding them “just really easy.” She said she hasn’t visited Lane since the indictment but she has friends who have. One of his preoccupations, she said, has been his online reputation. News of his indictment led to “hate online,” including social media posts and negative comments on news articles. 

One of ł˘˛š˛Ôąđ’s former Assumption University professors, who asked not to be identified because he wasn’t authorized by the university to speak, said Lane was “very quiet” in class and was surprised to learn the student, whose progress reports show he was an adept computer programmer, stood accused of a cybercrime. 

The professor said he received a general email from university administrators notifying the school community of FBI activity on campus related to cybersecurity. After news of the indictment broke, the instructor said he got an email from ł˘˛š˛Ôąđ’s personal account explaining why he was absent from class and that law enforcement had confiscated his devices.

Officials at Assumption University, a small, Catholic college with about 1,600 undergraduate students and a tiny computer science program, didn’t respond to requests for comment. ł˘˛š˛Ôąđ’s sentencing report notes he was attending Assumption on a partial scholarship, expected his college internships to pay off his student debt and aspired to work for Google.

In Sterling, the Lanes were described as “nice neighbors” who generally kept to themselves. A conversation with one neighbor was interrupted when two local police officers pulled onto the tree-lined street. Someone concerned about their privacy — Matthew Lane or his parents — had called in a complaint. 

“They just called and they don’t have any comment and they just don’t want you here anymore,” Officer Steve Mucci said. “You headed out?”