A 19 -year -old college student of Worster, Massachusetts blamed for a large -scale cyber attack on the powerscool, which has expanded millions of dollars in exchange for not leaking personal data of millions of students and teachers.
According to the US Department of Justice, Matthew D. Lane convicted a cyber extortion conspiracy, cyber extortion, unauthorized access to protected computers, and four federal allegations for identity theft.
Dose And Court document Explain that lanes and their conspirators violated a US-based telecom company in 2022, where they stole confidential customer information. During this violation, he had access to the Power’s Credentials related to an employee in the telecom company, which served as a contractor for powerscool.
After trying to get the telecom firm out, DOJ says he attacked an education company that would pay the ransom.
“On or about May 14, 2024, lane messed up CC -1 that if the victim 1 did not pay the ransom, the lanes and CC -1 victims could sell 1 data. Lane further suggested, ‘We need to hack another. DOJ Complaint,
Although the complaint is not clearly mentioned in the complaint, sources told the Blapping computer that they are an education company referred to by DOJ.
The complaint stated that in December 2024, in December 2024, the stolen credibility was stolen from the Powerscool contractor to break the company for millions of students and faculty and steal data for the faculty.
As reported earlier by bleepingcomputer, the danger actors broke the support platform of Powerschool, Powersource, and used a maintenance tool to download the school database. These databases included personal information from 62.4 million students and 9.5 million teachers from 6,505 school districts in the US, Canada and other countries.
This data included separate information based on the district, including students and faculty full names, physical addresses, phone numbers, passwords, parents’ information, contact details, social security numbers, medical data and grade.
DOJ says on December 28, 2024, the powerscool in bitcoin demanded a ransom of about $ 2.85 million in bitcoin. This danger warned that if the payment is not made, the stolen data would be “leaked” worldwide “.
While Bleepingcomputer earlier stated that Powerschool paid ransom demand to prevent data leakage, it is still not clear how much was paid.
However, even after paying the ransom, the danger actors attempted to give further ransom to the individually affected school districts, which to give further ransom to not leak the student data.
According to school notice and Databreaches.netIt claims to be a ransom demand from a glossy hunter, a huge group of danger actors known for a wide range of danger, including snowflake data theft attack and 2022 data violations in AT&T that affect 109 million people.
While many danger actors involved in Snowflake and AT and T attacks have been arrested in the last one year (1, 2, 2,. 3), It is possible that other members carried out the attacks, or that the copyers are trying to put a false flag.
In addition to the powerscool breech, the lane also faces allegations for an attempt to evacuate the US-based telecom company, where they demanded a ransom of $ 200,000 and threatened against the company officials if the ransom was not paid.
Lane has agreed to be guilty in all four cases and faces a two -year compulsory minimum punishment and each other allegations for five years for theft of identity.
Based on the analysis of 14M malicious tasks, search for the top 10 MITERAT & CK techniques behind the 93% attacks and how to defend them against them.
