2026-06-13 | Ex-school district employee jailed for hacks on former employer

A former  IT employee at an

school district was sentenced to 21 months in prison for conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thonds of dollars in damages. According to court documents, Ezekiel Dean Potter, 34, previously worked as a senior IT support specialist for the Saydel Community School District in Des Moines from May 2022 through April 2023. Prosecutors say that after his employment ended, Potter retained access credentials and repeatedly targeted the district’s systems over the next 21 months. "For over a year and a half, Defendant was a plague on the Saydel Community School District," the U.S. government said in a sentencing memorandum . "He deleted SCSD’s Facebook page, stripped its employees of access to al platforms and accounts, and tried again and again to reset its employees’ usernames and passwords for various other platforms and accounts." Prosecutors said the attacks caused widespread disruption to the school district, impaired its ability to teach students, and resulted in tens of thonds of dollars in remediation costs. Court documents state the attacks began shortly after Potter left the district, when Saydel's Facebook account was deleted. Prosecutors say Potter later targeted the district's Apple School Manager account, deleting user accounts, passwords, phone numbers, billing information, and device management server data. This effectively prevented school employees from accessing the Apple School Manager platform and disabled management of district MacBooks and iPads for roughly a week while staff worked with Apple to recover access. The district also experienced unauthorized access attempts against its GoDaddy account and other online services.

Court documents go on to say that in January 2025, Potter accessed the district's Schoology learning management system through a Google administrator account and deleted an IT employee’s account, disrupting teacher access to the platform and impacting classes for approximately two hours. A week later, prosecutors say Potter accessed another administrator account and deleted nine Gmail accounts belonging to current and former district employees, including the district’s IT director and superintendent. Court filings state that Potter later switched to using a VPN service after receiving Google security alerts warning of unauthorized account access. Federal investigators eventually traced some of the activity to IP addresses associated with Potter’s other employers, including Casey’s Store Support Center and The Printer Inc. (TPI). After Potter left TPI in January 2025, prosecutors say he asked a former coworker to retrieve and wipe a USB drive from his desk. Instead, the coworker turned it over to investigators, who allegedly found spreadsheets containing usernames and passwords for Saydel School District accounts and services. Potter pleaded guilty in January 2026 to computer fraud charges under the Computer Fraud and Abuse Act without entering into a plea agreement. On June 11, Potter was sentenced to 21 months in prison followed by three years of supervised release. As part of his supervised release conditions, Potter will be subject to restrictions and monitoring related to employment, finances, and computer systems, including searches of electronic devices upon reasonable suspicion. Potter is also required to pay $59,668.81 in restitution to the Saydel Community School District and its insurer, Travelers Casualty and Surety Company, for remediation costs related to the attacks. Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection. Get the whitepaper