Background on Matt Weiss and the Charges
Matt Weiss served as quarterbacks coach and co-offensive coordinator at the University of Michigan under Jim Harbaugh. Prior to Michigan, he spent over a decade with the Baltimore Ravens. In January 2023, Michigan fired him amid an investigation into 'computer crimes' at their football facility[1].
The 24-count federal indictment accuses Weiss of accessing student-athlete databases via a third-party vendor, downloading data on 150,000 athletes, and using it to hack social media, email, and cloud accounts of over 2,000 targets. He allegedly stole intimate photos and videos for personal use, with crimes spanning 2015 to 2023[2].
Prosecutors note the hacks included a 72-hour period in 2022 during playoff preparations against TCU. Weiss faces up to five years per unauthorized access count and mandatory two-year minimums for identity theft[2].
Latest Developments and Court Rulings
On December 23, 2025, a federal judge ruled Weiss must face aggravated identity theft charges, denying motions to dismiss. This follows an FBI affidavit revealing security footage of Weiss at Michigan's facility before hacks targeting student files[1].
The footage, seized eight months ago, includes photos allegedly stolen by Weiss. Investigations confirmed access from computers in Schembechler Hall, linking him to over 2,000 victims nationwide[1].
Weiss maintains innocence, with his attorney declining comment post-arraignment. The ruling keeps the case alive, potentially leading to trial amid growing evidence[3].
Impacts on College Athletics
The scandal has alarmed college sports, with victims at schools like Westmont and concerns over undetected breaches. Experts call it one of the most prolific individual hacking cases without financial motive[3].
Lawsuits loom against Michigan and others for failing to monitor Weiss, who earned $850,000 annually. Victims' advocates push for accountability from third-party vendors like Keffer Development Services[3].
Beyond criminal charges, the case highlights privacy risks in athletics databases, prompting calls for better security across over 100 universities[3].