From the U.S. Attorney’s Office in Massachusetts on November 29:
BOSTON – An Ayer man was charged today and agreed to plead guilty in connection with a June 2023 cyberattack targeting the computer network of his former employer, an Essex County public high school.
Conor LaHiff, 30, was charged in an Information with one count of unauthorized damage to protected computers. He will appear in federal court in Boston at a later date.
According to court documents, LaHiff was employed as a desktop and network manager at an Essex County public high school until he was terminated in June 2023. After he was fired, LaHiff allegedly used his administrative privileges to deactivate and delete thousands of Apple IDs from the school’s Apple School Manager account – software used to manage student, faculty and staff information technology resources. LaHiff also allegedly deactivated more than 1,400 other Apple accounts and other IT administrative accounts and disabled the school’s private branch phone system, which left the school’s phone service unavailable for approximately 24 hours.
The charge of unauthorized damage to protected computers provides for a sentence of up to 10 years in prison, up to three years of supervised release and a fine of $250,000 or twice the gross gain or loss. Sentences are imposed by a federal district court judge based upon the U.S. Sentencing Guidelines and statutes which govern the determination of a sentence in a criminal case.
Acting United States Attorney Joshua S. Levy and Jodi Cohen, Special Agent in Charge of the Federal Bureau of Investigation, Boston Division made the announcement today. Assistant U.S. Attorney Mackenzie A. Queenin of the Securities, Financial & Cyber Fraud Unit is prosecuting the case.
The details contained in the charging documents are allegations. The defendant is presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.