Meet 19-year-old Matthew Lane. We often picture hackers as mysterious figures lurking in shadows. However, the face of cybercrime is changing, and sometimes it appears to be a college student from Worcester, Massachusetts.
Last month, Matthew pleaded guilty to hacking two major companies and attempting to extort millions in Bitcoin. Here's what happened:
✅ Target #1: A telecom company.
Lane broke into their systems and demanded $200,000 to stay
quiet—then dropped his price to $75,000 when they
refused.
✅ Target #2: PowerSchool, an educational software
giant.
Stole records of ~60 million students and 10 million
teachers.
Exfiltrated the data to servers in Ukraine.
Demanded a ransom of $2.85 million in Bitcoin.
Threatened to publish or sell the stolen data.
Simple mistakes lead to big consequances (ask Brian Kohberger). Matthew was caught in part because he used some of his ransom Bitcoin to buy himself sneakers and designer clothes, a digital paper trail law enforcement easily traced. Now, Lane faces up to 17 years in federal prison.
WHY THIS MATTERS...
Cybercrime isn't always sophisticated.
This wasn't a nation-state attack.
It was a teenager exploiting stolen credentials, weak security
practices, and underestimations of "who could be behind
this."
Simple mistakes = massive consequences.
Credential reuse, unsecured cloud services, and unmonitored exfiltration paths remain the easiest entry points for attackers, regardless of their age.
Conclusion
Stop thinking of hackers as "other people's
problem."
Secure third-party connections.
Monitor data exfiltration.
Limit privilege and enforce zero trust.
Have an incident response plan and practice it regularly.
Because sometimes, the person rolling the dice with your business isn't a cybercrime syndicate in Russia... It's a teenager in your own backyard.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.