A former IT employee at an Iowa school district was sentenced to 21 months in prison for conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands of dollars in damages.
Background of the Attack
According to court documents, Ezekiel Dean Potter, 34, previously worked as a senior IT support specialist for the Saydel Community School District in Des Moines from May 2022 through April 2023. Prosecutors say that after his employment ended, Potter retained access credentials and repeatedly targeted the district’s systems over the next 21 months.
Prosecutors described the attacks as a plague on the Saydel Community School District, stating that Potter deleted the district's Facebook page, stripped its employees of access to educational platforms and accounts, and tried again and again to reset its employees’ usernames and passwords for various other platforms and accounts.
Disruption and Damages
The attacks caused widespread disruption to the school district, impaired its ability to teach students, and resulted in tens of thousands of dollars in remediation costs. Court documents state the attacks began shortly after Potter left the district, when Saydel's Facebook account was deleted.
Potter later targeted the district's Apple School Manager account, deleting user accounts, passwords, phone numbers, billing information, and device management server data. This effectively prevented school employees from accessing the Apple School Manager platform and disabled management of district MacBooks and iPads for roughly a week while staff worked with Apple to recover access.
Investigation and Evidence
Federal investigators eventually traced some of the activity to IP addresses associated with Potter’s other employers, including Casey’s Store Support Center and The Printer Inc. (TPI). After Potter left TPI in January 2025, prosecutors say he asked a former coworker to retrieve and wipe a USB drive from his desk.
Instead, the coworker turned it over to investigators, who allegedly found spreadsheets containing usernames and passwords for Saydel School District accounts and services. Potter pleaded guilty in January 2026 to computer fraud charges under the Computer Fraud and Abuse Act without entering into a plea agreement.
Sentence and Restitution
On June 11, Potter was sentenced to 21 months in prison followed by three years of supervised release. As part of his supervised release conditions, Potter will be subject to restrictions and monitoring related to employment, finances, and computer systems, including searches of electronic devices upon reasonable suspicion.
Potter is also required to pay $59,668.81 in restitution to the Saydel Community School District and its insurer, Travelers Casualty and Surety Company, for remediation costs related to the attacks.
The case highlights the importance of securing access credentials and monitoring for suspicious activity, especially when employees leave an organization. It also demonstrates the potential consequences for individuals who engage in cyberattacks against their former employers.
- Related Articles:
- PowerSchool hacker claims they stole data of 62 million students
- PowerSchool hack exposes student, teacher data from K-12 districts
- UN food agency discloses breach affecting 600,000 Gaza households
- Instructure hacker claims data theft from 8,800 schools, universities
- Cosmetics giant Rituals discloses data breach affecting customers
Source: BleepingComputer