U.S. Teen to Enter Guilty Plea in PowerSchool Extortion Case

A 19-year-old college student in Massachusetts has agreed to plead guilty in connection with an extensive extortion scheme targeting PowerSchool, a leading educational software provider. According to a document released by the U.S. Department of Justice (DOJ) on May 20, Matthew D. Lane, a student at Assumption University in Worcester, has been accused of illegally accessing the computer networks of two U.S.-based companies and extorting them for ransom payments.

Lane’s plea includes one count each of conspiracy to commit cyber extortion, cyber extortion, unauthorized access to protected computers, and aggravated identity theft.

PowerSchool Paid the Ransom

PowerSchool, which serves educational institutions in the U.S. and Canada, was acquired by Bain Capital, a private investment firm, in October 2024. In January 2025, the company disclosed that an unauthorized actor had accessed sensitive information via its community customer support portal, PowerSource, on December 28, 2024.

The breach compromised personal data for over 60 million students and 10 million teachers across 6,505 school districts globally, covering both the U.S. and Canada. This data included:

– Full names of students and staff members
– Physical addresses
– Phone numbers
– Passwords
– Parent information
– Contact details
– Social Security numbers
– Medical data
– Grades

In the days following the breach, it emerged that PowerSchool had paid a ransom to prevent the exposure of this sensitive information. A message from the Howard-Suamico School District in Wisconsin noted that while PowerSchool insisted this was not a ransomware attack, the firm did confirm making a ransom payment to avert the release of the data.

Initially reluctant to confirm payment to media outlets, PowerSchool later acknowledged the transaction in May after it was reported that the threat actor had contacted multiple school district customers, attempting to extort them using information from the earlier incident. In a statement, the company expressed regret over the situation, stating, “It pains us that our customers are being threatened and re-victimized by bad actors.”

Unsuccessful First Extortion Attempt Against a Telco

While the DOJ statement and court documents regarding Lane’s charges do not mention PowerSchool explicitly—referring to it only as “an education software provider”—reports from BleepingComputer indicated that Lane and his associates indeed targeted PowerSchool.

According to the DOJ, Lane and his co-conspirators had initially compromised a U.S. telecommunications company in 2022, breaching its systems and stealing sensitive customer data, including PowerSchool login credentials linked to a contractor working with the educational firm.

In the months following, Lane and others attempted to extort a $200,000 ransom from the telecommunications provider by threatening to publicize the previously stolen customer data. After this first extortion attempt failed, they turned their attention to PowerSchool, demanding a ransom to prevent public dissemination of the illegally obtained data.

The DOJ alleges that Lane sent a Bitcoin ransom demand for approximately $2.85 million to PowerSchool on December 28, 2024, warning that failure to comply would result in global exposure of the compromised data. Even after PowerSchool paid a ransom—the exact amount remains undisclosed—requests for further ransom were sent to several school districts affected by the breach, prompting PowerSchool to publicly acknowledge its payment.

Lane Faces Two to Five Years in Prison

Alongside charges related to the breach at PowerSchool, Lane faces additional counts stemming from the attempted extortion of the telecommunications company. If convicted, he could incur serious penalties, with potential prison sentences ranging from two to five years, fines reaching up to $250,000, and supervised release.

The final sentence is subject to the determination of a federal judge, based on U.S. Sentencing Guidelines and applicable laws. Kimberly Milka, Acting Special Agent in Charge of the FBI’s Boston Division, stated, “Matthew Lane apparently thought he found a way to get rich quick, but now stands accused of hiding behind his keyboard to gain unauthorized access to an education software provider to obtain sensitive data for extortion purposes. This alleged scheme has significant consequences and underscores the FBI’s resolve to bring cybercriminals to justice.”

The charges against Lane are allegations, and he is considered innocent until proven guilty in a court of law. A plea hearing is yet to be scheduled.