Hacker Matthew Lane, now 20, played a central role in the PowerSchool data breach, one of the largest cyberattacks in U.S. education history. As he headed to federal prison in Connecticut, he admitted fear and regret, writing, “It’s extremely sad, and I’m just scared.”
The breach targeted PowerSchool, a platform used by about 80% of school districts in North America. According to the Justice Department, it exposed data tied to roughly 60 million students and 10 million teachers. Sensitive details, including Social Security numbers, dates of birth, grades, and medical information, were at risk. Under pressure, the company paid millions in ransom after threats to release the data.
Lane later acknowledged the severity of his actions, saying, “I think I need to go to prison for what I did,” and described his behavior as “disgusting” and “greedy.”
The Story of Hacker Matthew Lane
Authorities say hacker Matthew Lane is part of a wider trend involving young hackers entering cybercrime at early ages. FBI officials report cases involving individuals as young as 14.
Experts link this rise to digital exposure from childhood. Social platforms can glamorize cybercrime, while gaming environments help develop technical skills. Fergus Hay, CEO of The Hacking Games, noted that today’s young hackers can cause outsized damage due to accessible tools and online knowledge sharing.
In 2023, a 15-year-old allegedly carried out a major cyberattack on Las Vegas casinos. Separately, a British teenager reportedly helped hack dozens of global companies, extorting over $115 million.
How Hacker Matthew Lane Entered the World of Young Hackers
Lane’s path began with online gaming. As a child dealing with mental health challenges and later diagnosed autism, he found an escape on Roblox. There, he encountered users manipulating games and became interested in learning how to play them.
This curiosity led him to hacking forums, where young hackers exchange techniques, sell stolen data, and showcase illegal profits. Lane described the appeal: “You see this lavish, luxurious lifestyle… and that’s how I fell into it.”
He also warned that such forums attract recruiters from cybercriminal groups by posing peers and offering money and tools.
Inside the PowerSchool Data Breach Operation
By age 15, hacker Matthew Lane was already conducting cyberattacks on major corporations. He often selected targets from Fortune 500 lists and used tools he helped build to identify system vulnerabilities.
In late 2024, Lane accessed PowerSchool systems using stolen contractor credentials. Data was extracted and moved to external servers, and ransom messages soon followed, threatening to “destroy” the company if payment was not made.
Although the ransom was paid, the PowerSchool data breach did not fully end. Some stolen data later resurfaced in additional extortion attempts, raising long-term concerns for victims.
Consequences and Lessons from Hacker Matthew Lane’s Case
The breach became public in January 2025, prompting alerts to schools and families. Within weeks, investigators identified Lane, then a college freshman. FBI agents raided his dorm, seizing devices and assets.
Lane later said he felt relief: “It’s over … I’m done with this.”
He pleaded guilty in June to multiple charges, including cyber extortion, and was sentenced to four years in prison along with over $14 million in restitution.
Officials warn that victims of the PowerSchool data breach may face ongoing risks, as stolen data can resurface repeatedly. The case highlights the need for stronger oversight, early intervention, and better guidance for young hackers.
Lane now says he hopes his story serves as a warning: “I hope I can convince at least one person not to go down my path.”
