On a recent Tuesday morning, as his parents were driving him to the federal prison in Connecticut where he’ll be locked up for the foreseeable future, 20-year-old Matthew Lane sent a text message to ABC News.
“It’s extremely sad, and I’m just scared,” he wrote.
Barely a year earlier, while still a teenager, he helped launch what’s been described as the biggest cyberattack in U.S. education history — a data breach that concerned authorities so much, it prompted briefings with senior government officials inside the White House Situation Room.
The breach pierced the education technology company PowerSchool — used by 80% of school districts in North America — and “put at risk the security of 60 million children and 10 million teachers,” the Justice Department said.
With threats to expose social security numbers, dates of birth, family information, grades, and even confidential medical information, the breach cornered PowerSchool into paying millions of dollars in ransom.
“I think I need to go to prison for what I did,” Lane told ABC News in an exclusive interview, speaking publicly for the first time about the headline-grabbing heist and his life as a cybercriminal.
“It was disgusting, it was greedy, it was rooted in my own insecurities, it was wrong in every aspect,” he said in the interview, two days before reporting to prison.
Lane is just one example of what cybersecurity experts, authorities and even Lane himself say is a wide-ranging menace: a new generation of tech-savvy teenagers who are uniquely dangerous and surprisingly young.
“We’ve worked cases where individuals as young as 14 are being interviewed by the FBI,” said Supervisory Special Agent Doug Domin, who oversaw the PowerSchool investigation out of the FBI’s Boston field office.
Members of Generation Z — who have had digital devices and the Internet in their lives since birth — are particularly vulnerable to the allure of cybercrime because the social media platforms they inhabit can glorify “a criminal lifestyle”; the gaming platforms they frequent can boost their “hacker skill sets”; and the technology used for hacking is “so available,” according to Fergus Hay, the CEO of a European-based group called “The Hacking Games” that’s now working to keep kids around the world out of cybercrime.
“So a young person with less technical skills can do more damage than a previous generation,” Hay said.
In September, authorities arrested a boy from Illinois who in 2023, at age 15, allegedly launched a devastating cyberattack on Las Vegas casinos that reportedly cost MGM Resorts alone more than $100 million. He is awaiting trial.
The same month, the Justice Department announced the overseas arrest of a 19-year-old British national who, starting at age 16, allegedly helped a notorious international cybergang hack into the networks of nearly 50 U.S. companies and more than 60 others around the world, extorting them out of $115 million in total. He has yet to be extradited.
Hay and his group of entrepreneurs and cybersecurity experts, which includes a former FBI agent, say they’re so concerned about what could be coming next that they’ve launched an education and media campaign targeting Generation Z, backed by a testing platform they developed to identify what they say is often-overlooked talent for the cybersecurity field.
“You’ve got this whole young generation who are like free-range chickens out there,” Hay said. “Under no guidance, they can fall into really, really bad habits. Under the right guidance, you can take this generation and use their skills [positively].”
For Lane, such intervention came too late.
“I couldn’t stop,” he said of his cyber crimes. “I was addicted to hacking.”
‘That’s how I fell into it’
According to Lane, his story began on Roblox, the colossal online gaming platform popular with children and teens.
As he remembers it, by the time he was 9 or 10 years old, he was struggling with his mental health and what he later would learn was autism. He said he felt “different” and like “an outcast” at school, so he found “solace” on Roblox.
But on Roblox he also found cheaters — people who could reprogram games to gain an advantage — and he wanted to figure out how to do that too, he said.
That led him to a world of online “hacking forums,” where accomplished hackers not only share trade secrets but also sell vast databases of stolen information — including hijacked usernames and passwords — and even brag about their digital misdeeds, Lane said.
They also praise each other — offering a dangerous “sense of camaraderie,” Lane said — and they post photos and videos of themselves playing with stacks of cash, expensive cars, and other tainted luxuries.
“You see this lavish, luxurious lifestyle,” Lane recalled. “As a young kid you’re like, ‘I’m gonna do that.’ And that’s how I fell into it.”
Lane and others warn that online forums also attract criminal groups seeking to recruit potential hackers.
“The bad guys are on all the platforms watching the kids playing,” Hay said. “And when they see an elite-level performer, they go approach that kid, masquerading as another kid, and they go, ‘Hey, you want to earn some [money]? … Here are the tools, here are the techniques.’”
In a statement to ABC News, Roblox noted that cybercrime is “an industry-wide challenge” and said that the company has “zero tolerance for such acts on our platform,” including by using “a robust safety and security system dedicated to detecting and stopping bad actors.” The platform also said it uses “cutting edge anti-cheat technology” to stop cheating on its platform, and it works closely with law enforcement to report suspicious activity and combat cybercrime.
On Monday, Roblox announced that, starting in June, it will offer age-checked accounts for younger users that limit what games they can play and “more closely align content access, communication settings, and parental controls with a user’s age.”
‘Incomparable to any drug’
Lane said he was a prolific cyber criminal by age 15, and usually directed his cyberattacks toward “big, big” targets.
“I would just search ‘Top Fortune 500 companies,’” he said with an anxious laugh.
He said that 90% of the time, he and others he worked with gained “initial access” to a target’s system by using a “specially-curated tool” that Lane helped build, which could identify vulnerabilities on a website.
Once inside a target’s system, he and the others would “spread our resources to each part of the website or company,” secretly stealing whatever data they could, he said.
“And then [the final step] is ransom,” he said.
According to Lane, he spent his “ill-gotten gains” on designer clothes, diamond jewelry, DoorDash deliveries, Airbnb rentals for him and his friends, and drugs — “lots of drugs.”
He said he would numb ever-present feelings of guilt with drugs — from high-potency marijuana to acid. But it was hacking that gave him the strongest high.
“It’s indescribable the adrenaline you get when you do something like that,” he said. “It’s way more than driving 120 miles per hour. … Incomparable to any drug at all, as well.”
Lane said he was in a dangerous and “disconnected” spiral, convincing himself over and over again that at some point he would either “end up dead” or figure out a way to make himself stop — “and I didn’t do either of those.”
‘Destroy your company’
By the fall of 2024, Lane found the source of his next fix: Credentials stolen from a PowerSchool contractor were available online.
According to court documents, Lane used the contractor’s credentials to rummage through PowerSchool’s systems undetected, and he leased a server in Ukraine, where an alleged co-conspirator eventually transferred significant amounts of student and teacher data.
Then, in late December, PowerSchool received a series of threatening messages claiming to be from a global cybercrime syndicate. The threats vowed to release the sensitive personal information of tens of millions of students — some as young as 5 — if PowerSchool didn’t pay nearly $3 million in cryptocurrency.
They paid.