A hacker responsible for a breach that put the personal data of thousands of New Hampshire students and teachers at risk is a Massachusetts college student who said he would never have stopped what he was doing if the FBI hadn’t come to his dorm room to arrest him.
Matthew Lane, 20, says he was addicted to hacking.
“That gave me the most natural high ever,” he said in an interview with ABC News.
In what FBI agents call one of the worst hacks they have ever seen, Lane orchestrated from his dorm room at Assumption College a sophisticated hack of PowerSchool, a software program used by schools across the Granite State to track grades and some students’ medical information.
>> Download the free WMUR app to get updates on the go <<
The hack affected up to 60 million students and teachers nationwide. Lane explained his motivation.
“Greed, for one,” he said. “Two, deep down, I had a deep disdain for myself and, honestly, the things that I was around doing, but I couldn’t stop.”
Lane grew up in the small town of Clinton, Massachusetts, and said he was taken by the lavish lifestyle he saw hackers living.
“I want that,” he remembered himself thinking. “And that’s what leads you down the path of greed.”
He said he learned how to code around the age of 13 and got into hacking through one of the world’s most popular gaming platforms, Roblox.
“It’s a very toxic and edgy corner of the internet,” Lane said.
Lane was sentenced in October to four years in prison for hacking into PowerSchool’s networks and extorting the company for ransom. He said he felt relief when the FBI pounded on his dorm room door with a warrant.
“I’m thankful for them, because I would have never stopped,” he said.
News 9 Investigates has learned that more than 9,000 students and teachers in New Hampshire may have had their names, contact information and limited medical alert information accessed during the breach. According to court documents, Lane threatened to leak PowerSchool’s data if it didn’t pay $2.85 million in Bitcoin.
“It’s easy, easy money, even though it’s dirty,” Lane said. “As a young kid, you are like, ‘I am going to do that.’ And that’s how I fell into it.”
PowerSchool’s software is used by several districts in New Hampshire, including Bedford.
“We use it to take attendance. We use it for grade reporting. We use it for progress reports,” said Bedford Superintendent Michael Fournier. “All of our student information data is stored in that system.”
Fournier said PowerSchool notified the district of the breach in January 2025. He said none of the Bedford students or teachers had their Social Security numbers compromised.
“New Hampshire has some of the strongest privacy laws in the nation, and in order for us to engage with a company like PowerSchool, they signed a comprehensive data privacy agreement,” Fournier said.
After the hack, PowerSchool offered two years of identity protection to students and teachers, but according to the FBI, the impact of the hack could last decades.
“It’s one of the worst I’ve seen, when you talk about financial impact and the forever impact that these students and faculty will have for the rest of their lives,” said Doug Domin, of the FBI Boston cyber task force.
Lane spoke to ABC News before reporting to prison and said he has always struggled with his mental health. He is expressing remorse for the people he affected.
“I took their sense of security and being,” he said. “I want to take accountability for everything I’ve done, for everything I ever did.”
A class action lawsuit has also been filed that includes a minor in Claremont as a plaintiff. The lawsuit seeks damages and 10 years of ID monitoring.
Lane’s full story can be seen Tuesday night on “Nightline” after “Jimmy Kimmel Live.”
Asked about Matthew Lane’s expressions of remorse and the PowerSchool breach itself, a PowerSchool spokesperson sent ABC News this statement:
“PowerSchool appreciates the efforts of the prosecutors and law enforcement who brought this individual to justice. Since the moment we became aware of this incident, we have remained focused on supporting our school partners and safeguarding student, family, and educator data.
“We’ve dedicated the last year to supporting customers throughout our investigation, including publishing a public incident report in March 2025 by CrowdStrike, an industry leading cybersecurity firm. The incident report found only certain SIS customer environments were affected, and found no evidence of fraud, misuse of information, malware, or unauthorized activity in the PowerSchool environment. Not all PowerSchool SIS customers were affected, and districts and schools that do not utilize PowerSchool’s SIS were not affected. Finally, we have no evidence that other products were impacted.
“PowerSchool takes the responsibility to protect student data privacy and to act responsibly as data processors to schools and districts extremely seriously. We strictly and proactively follow all legal, regulatory, and voluntary requirements for protecting student privacy including federal laws such as the Family Educational Rights and Privacy Act (FERPA) and state regulations.”
The PowerSchool spokesperson declined to say how many current and former students and teachers were ultimately affected by the breach. The spokesperson also declined to say how much PowerSchool paid in ransom.
Asked about assertions that hackers develop their skills by first learning how to cheat on platforms such as Roblox, and assertions that cyber criminals find new recruits on such platforms, a Roblox representative noted this:
- “Cyber crime is an industry-wide challenge. At Roblox, we established theHackerOne Bug Bounty program to encourage people to ethically report security issues. We’ve hired several young people directly from the HackerOne program who now work full-time at Roblox securing our systems.
- We also have cutting edge anti-cheat systems that are designed to prevent exploits in Roblox experiences.
- We work closely with law enforcement and other partners to report cyber-enabled crime through the FBI’s Internet Crime Complaint Center (IC3). We’re also a member of the Domestic Security Alliance Council (DSAC), which has been an integral partner for exchanging threat intel when certain security incidents occur.”
Click Here For The Original Source.
