A Massachusetts pupil has agreed to plead responsible to federal costs regarding hacking and extorting one of many largest U.S. training tech corporations, prosecutors confirmed Tuesday.
Matthew D. Lane, 19, is accused of utilizing stolen login credentials to entry the community of an unnamed software program firm, which serves colleges throughout North America and elsewhere, to steal the private info of greater than 60 million college students and 10 million academics.
The stolen private info included names, addresses, telephone numbers, Social Safety numbers, and medical info and college grades. In some circumstances, the hackers stole a long time of historic pupil knowledge.
Whereas the corporate was not named, federal prosecutors described particular particulars matching the information breach at training software program maker PowerSchool, which revealed in January that it had been hacked way back to September 2024. The breach affected colleges positioned largely throughout the USA and Canada, which use the PowerSchool software program to handle pupil grades, attendance, and different private and well being info.
Prosecutors say Lane labored with an unnamed co-conspirator who lived in Illinois to extort the training software program maker for about $2.85 million in cryptocurrency, in accordance with the criminal complaint.
PowerSchool confirmed to TechCrunch in January that it had paid the hackers to delete the stolen knowledge, however refused to say how a lot it paid. Earlier this month, a number of faculty districts mentioned that that they had since confronted extortion makes an attempt from somebody saying that the stolen pupil knowledge had not been destroyed. PowerSchool mentioned the extortion makes an attempt weren’t associated to a brand new incident, because the “samples of information match the information beforehand stolen in December.”
NBC Information was first to report on Lane’s plea settlement.
PowerSchool spokesperson Beth Keebler mentioned the corporate was conscious of the submitting, and deferred remark to the U.S. Legal professional’s Workplace for Massachusetts, which didn’t reply to an electronic mail from TechCrunch. When requested, Keebler didn’t dispute the ransom quantity as famous by the prosecutors.
Lane can also be accused of hacking and extorting one other firm, which prosecutors mentioned was a U.S. telecoms supplier. Prosecutors didn’t title the corporate within the plea settlement.
Lane’s lawyer Sean Smith didn’t reply to a request for remark.