Man Behind PowerSchool Breach That Exposed Canadian Students’ Data Sentenced to 4 Years
A 20-year-old Massachusetts man has been sentenced to four years in prison for hacking education software provider PowerSchool, a cyberattack that exposed sensitive data of millions of students and teachers across Canada and the United States.
Matthew Lane, of Worcester, Mass., pleaded guilty in June to cyber extortion, aggravated identity theft, and unauthorized computer access. U.S. District Judge Margaret Guzman also ordered him to pay $14 million (USD) in restitution and a $25,000 fine, according to the U.S. Attorney’s Office in Massachusetts.
Breach compromised data of 2.7 million Canadians
The December 2024 PowerSchool breach compromised data belonging to more than 2.7 million Canadian students, including names, birth dates, addresses, emergency contacts and, in some cases, social insurance numbers.
The web-based platform is widely used by school systems in Alberta, Ontario, Manitoba, Newfoundland and Labrador, Nova Scotia, Northwest Territories, Prince Edward Island and Saskatchewan to store personal, academic and medical information.
“PowerSchool appreciates the efforts of the prosecutors and law enforcement who brought this individual to justice,” the company said in a statement.
Hacker demanded $2.85M ransom in bitcoin
Prosecutors said Lane accessed PowerSchool’s network using stolen credentials and posed as a member of a notorious hacking group. He demanded $2.85 million in bitcoin to prevent the leak of student and teacher data.
Before that, Lane had extorted another company using data from a separate telecom breach, demanding $200,000 to avoid disclosure.
PowerSchool ultimately paid a ransom to have the stolen data deleted and prevent public exposure, prosecutors said. However, multiple Canadian school boards later received ransom demands referencing the same data.
Widespread concern over school cybersecurity
The breach renewed calls for stronger data protection measures across Canadian educational institutions. Experts warn that the rising use of centralized student management systems makes schools increasingly vulnerable to cyberattacks.
The PowerSchool case remains one of the largest education-related data breaches in North America, affecting millions and highlighting the growing risks in digital learning infrastructure.
