Assumption University student Matthew Lane, 19, allegedly hacked into the computer networks of two U.S.-based companies, and stole millions of records with confidential and personally identifiable information.
Lane then allegedly extorted the companies for ransoms.
“Cyber extortion is a serious attack on our economy and on all of us,” Massachusetts U.S. Attorney Leah Foley said. “As alleged, this defendant stole private information about millions of children and teachers, imposed substantial financial costs on his victims, and instilled fear in parents that their kids’ information had been leaked into the hands of criminals — all to put a notch in his hacking belt.
“The alleged ransoms that this defendant and others like him demand hurt victim companies and their innocent customers whose data the companies are entrusted to hold,” Foley added.
Lane allegedly agreed with others to extort a $200,000 ransom payment from a telecommunications company by threatening to publicly disseminate customer data that had been stolen from the company’s computer network.
When the company questioned whether a ransom payment would in fact end the threat of its customer data being leaked, Lane allegedly responded, “We are the only ones with a copy of this data now. Stop this nonsense [or] your executives and employees will see the same fate… Make the correct decision and pay the ransom. If you keep stalling, it will be leaked.”
Lane is also accused of using stolen login credentials to access the computer network of a second victim company — a software and cloud storage company that served school systems in the U.S., Canada and elsewhere.
He allegedly transferred personally identifying information (PII) of students and teachers stored on that company’s networks to a computer server that Lane leased in Ukraine.
Later, the second victim company and others received threats that the PII of more than 60 million students and 10 million teachers — including names, email addresses, phone numbers, Social Security numbers, dates of birth, medical information, residential addresses, parent and guardian information and passwords, among other data — would be “leak[ed]… worldwide” if the company did not pay a ransom of about $2.85 million in Bitcoin.
“Matthew Lane apparently thought he found a way to get rich quick, but this 19-year-old now stands accused of hiding behind his keyboard to gain unauthorized access to an education software provider to obtain sensitive data which was used in an attempt to extort millions of dollars,” said Kimberly Milka, acting special agent in charge of the FBI Boston division.
“He also allegedly conspired to extort more money from a telecommunications provider over its confidential data,” Milka added. “This alleged scheme has resulted in serious consequences and highlights the FBI’s ongoing commitment to bringing cyber criminals to justice, no matter what their motivation is for willfully breaking the law.”
Lane has agreed to plead guilty to one count each of cyber extortion conspiracy; cyber extortion; unauthorized access to protected computers; and aggravated identity theft.
A plea hearing has not yet been scheduled by the court.
Members of the public who have questions or concerns as to whether a particular student and/or teacher’s information was compromised should contact their local school district.
©2025 MediaNews Group, Inc. Distributed by Tribune Content Agency, LLC.
