Bad Actors in our Backyard

Target #1: A Telecom company
Lane broke into the company’s systems and demanded $200,000 to stay quiet—then dropped his demand to $75,000 when they refused.

Target #2: PowerSchool, an educational software giant.
Lane stole records of about 60 million students and 10 million teachers. He then ex-filtrated the data to servers in Ukraine. Then he demanded a ransom of $2.85 million in Bitcoin or he would publish or sell the stolen data.

The kicker: He was caught in part because he used some of his ransom Bitcoin to buy himself sneakers and designer clothes, a digital paper trail that law enforcement easily traced. Now, Lane faces up to 17 years in federal prison!

Why this matters! Cybercrime isn’t always sophisticated. This wasn’t a nation-state attack. It was a teenager exploiting stolen credentials, weak security practices, and taking advantage of people who underestimated who could be behind these.

Simple mistakes = Massive Consequences

Credential reuse, unsecured cloud services, and unmonitored exfiltration paths (data exiting your environment) remain the easiest entry points for bad actors, regardless of their age.

Takeaways for Leaders: Don’t think of hackers as someone else’s problem or responsibility. Secure third-party connections at every level. Monitor your data (or let us do it). Limit privilege and enforce zero trust. Have an incident response plan and test it regularly. Sometimes, the person rolling the dice with your business isn’t a cybercrime syndicate in Russia, it’s a teenager in your own backyard. –CMW