Security Affairs
FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

PowerSchool hacker got four years in prison

Matthew D. Lane, a Massachusetts student, got four years in prison for hacking and extorting $3M from PowerSchool and another company. A Massachusetts student, Matthew D. Lane, was sentenced to four years in prison for hacking and extorting about $3 million from two companies, including PowerSchool. In May, Lane pleaded guilty to hacking two U.S. […]

Scattered Spider DOJ

Matthew D. Lane, a Massachusetts student, got four years in prison for hacking and extorting $3M from PowerSchool and another company.

A Massachusetts student, Matthew D. Lane, was sentenced to four years in prison for hacking and extorting about $3 million from two companies, including PowerSchool.

In May, Lane pleaded guilty to hacking two U.S. companies, including likely PowerSchool, and extorting them.

The student used stolen credentials to access a company serving schools in the US, Canada, and beyond, hacking its network in September and December 2024. He exfiltrated student and teacher data (including names, addresses, birth dates, emails, Social Security numbers, and medical info) and demanded $2.85 million in Bitcoin, threatening to leak it. Though unnamed, the attack matches the PowerSchool hack, which reportedly affected around 70 million individuals.

The hack exposed the personal data of over 60 million students and 9 million teachers; the breach became public in January.

In May, PowerSchool paid a ransom to avoid leaking stolen data and erasing it, but the attackers kept the data and began extorting school districts in the US and Canada. Court documents show Lane returned about $160,000 of the stolen $3 million.

The student was sentenced to four years in prison and three years of supervised release. The judge ordered him to pay $14 million in restitution plus a $25,000 fine.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, PowerSchool)