A single “student system” breach can quietly put a child’s lifetime of identity at risk.
Quick Take
- A Massachusetts college student says a compulsive “addiction” to hacking drove him to breach PowerSchool, a core school data system used nationwide.
- He spoke publicly for the first time two days before reporting to prison, thanking the FBI for stopping him.
- The reported scale was staggering: sensitive information tied to roughly 60 million students and 10 million teachers.
- The story fits into a long pattern of teen and young-adult hacking that starts as “exploration” and ends in real-world damage.
A confession timed for maximum impact: two days before prison
The hacker’s most revealing detail wasn’t a technical trick; it was the timing. He agreed to an exclusive interview just two days before reporting to prison, describing himself as “addicted to hacking” and oddly relieved the FBI caught him.
That kind of pre-surrender confession tries to do two things at once: explain a compulsion and reframe consequences as intervention. Parents should hear the subtext: he didn’t stop himself.
The breach he discussed involved PowerSchool, a student information system used across U.S. school districts to track grades, attendance, and personal data.
When that kind of backbone system gets hit, the harm isn’t limited to one campus or one town. School records link names, birthdates, contact details, and administrative identifiers across years.
For criminals, that continuity is the product: a profile that follows a child into adulthood.
Why school data is a uniquely tempting target
PowerSchool-style platforms concentrate information that families rarely monitor the way they monitor a bank account.
Adults know to watch for credit card activity; few parents regularly check whether a child’s identity has been used, partly because kids often have “clean” credit histories for years.
That delay window makes student data attractive. The article’s reported numbers—tens of millions of students and millions of teachers—also point to a second reality: one breach can become an industrial-scale harvest.
The hacker’s “cautionary tale” framing lands because it matches how compulsion works in the real world. People rarely confess, “I chased the thrill.” They say, “I couldn’t stop.”
That matters for policy and parenting because addiction language can be an excuse, but it can also be a warning flag.
If a young person spends nights chasing access and status in online communities, the drive often grows faster than any fear of consequences.
The teen-hacker pipeline: curiosity, community, escalation
Youth hacking has a familiar arc. It starts with curiosity and low-level experimentation, then shifts into identity and peer validation.
Older cases show the same progression: teens who enter systems “just to see” what they can do, then discover they can disrupt real institutions.
Past examples include high-profile intrusions into government and major consumer platforms, where the technical barrier was lower than the social cost of what came next: attention, pressure, and law enforcement scrutiny that a teenager’s brain and life structure aren’t built to handle.
Some media treatments romanticize young hackers as prodigies who simply need a mentor. That view contains a kernel of truth: talent exists, and structured paths, such as sanctioned security testing, can channel it.
A kid who breaks into a neighbor’s house because he’s “curious” still broke in. In cyberspace, the victim just looks like a logo until the consequences arrive in court.
Law enforcement as the hard stop—and why that’s not “mean”
The hacker’s public thanks to the FBI will strike some readers as performative, but it also highlights a reality that parents underestimate: external interruptions often become the only interruptions.
Families can restrict devices, schools can offer cyber clubs, companies can patch systems—but when a young person crosses into criminal intrusion, deterrence matters.
Consequences protect victims and would-be repeat offenders from escalating into more serious crimes, where the penalties and harms multiply.
Schools and vendors also have a duty that extends beyond “best effort.” When systems store minors’ information at national scale, security can’t be treated like a line item to revisit next budget cycle.
District leaders often sit in impossible positions—tight budgets, legacy software, staffing shortages—but the mission stays the same: educate children and safeguard them.
Vendors that sell “all-in-one” data platforms must assume attackers will target them precisely because they are everywhere.
What parents can realistically do when the threat is invisible
Parents can’t patch PowerSchool, and they can’t interview every stranger in a digital underground. They can do two practical things.
First, treat a child’s identity as something worth monitoring, even before the child has credit cards.
Second, treat unusual online obsession as a behavioral issue, not a “computer phase.” The hacker in this story described a compulsion; compulsion thrives in secrecy, sleep deprivation, and isolation—conditions adults can spot.
The open question the interview leaves behind is uncomfortable: if he hadn’t been caught, would he have stopped? He says no.
That’s the part worth taking seriously, because it shifts the conversation away from “one bad kid” and toward a system that rewards intrusion with status and adrenaline.
The nation can’t educate its way out of that without accountability, better security hygiene, and adults willing to say “no” early and often.
'Addicted to hacking': Young hacker behind historic breach speaks out for 1st time, before reporting to prison – ABC News via @ABC – https://t.co/vhwD4zDNNy
— Kev (@blu_kryptonian) April 14, 2026
The next breach won’t announce itself with a confession. It will arrive as a quiet data leak, followed by years of nuisance calls, fraudulent accounts, and headaches that families and teachers never signed up for.
The “addicted to hacking” narrative may draw clicks, but the real takeaway is simpler: when student data becomes a prize, every school system becomes a target, and every parent becomes part of the cleanup crew.
Sources:
Meet a 12-year-old hacker and cybersecurity expert
CNN hacked: The teenager who took down a giant
