A teenage university student from Massachusetts has agreed to plead guilty to charges in connection with the hacking and extortion of two U.S. companies, federal prosecutors say.
One of those companies is the education technology company PowerSchool, a person familiar with the matter told NBC10 Boston. The company disclosed a breach in early January — its software has been used by more than 18,000 schools to support over 60 million students across North America.
Stream NBC 5 for free, 24/7, wherever you are.
WATCH HEREThe U.S. Attorney's Office for Massachusetts didn't share the name of the company in announcing charges of cyber extortion conspiracy, cyber extortion, unauthorized access to protected computers and aggravated identity theft against Matthew D. Lane, a 19-year-old from Sterling who's attending Assumption University. But U.S. Attorney Leah Foley said in a statement that he "stole private information about millions of children and teachers, imposed substantial financial costs on his victims, and instilled fear in parents that their kids’ information had been leaked into the hands of criminals – all to put a notch in his hacking belt."
Lane allegedly extorted a $200,000 ransom from a U.S. telecommunications company by threatening to share stolen customer data. Prosecutors said he replied to a question about whether paying the ransom would stop the extortion by saying, "We are the only ones with a copy of this data now. Stop this nonsense [or] your executives and employees will see the same fate . . . . Make the correct decision and pay the ransom. If you keep stalling, it will be leaked."
He later used a stolen login to get into an education software and cloud storage company's computer network, according to prosecutors, and moved personal identifying information of both teachers and students to a server he'd leased in Ukraine. That company later received threats that names, Social Security numbers and other information of over 60 million students and 10 million teachers would be leaked unless the company paid a ransom of 30 Bitcoin, or about $2.85 million, according to prosecutors and court documents.
A representative for PowerSchool said the company was aware of the filing and referred questions to prosecutors.
NBC10 Boston has reached out to an attorney for Lane as well as Worcester's Assumption University for comment.
U.S. & World
A hearing for the plea agreement hasn't yet been scheduled in federal court, prosecutors said.
The hack described in the court document matches a third-party assessment of the PowerSchool incident, NBC News reported.
Feeling out of the loop? We'll catch you up on the news you need to know with the Chicago Catch-Up newsletter.
SIGN UP 