A former school IT worker has been sentenced for a cyberattack on a former employer

A former IT employee at an Iowa school district has been sentenced to 21 months in prison for a lengthy cyberattack on a former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands of dollars in damages.

According to court documents, Ezekiel Dean Potter, 34, previously worked as a senior IT support specialist at the Saydel Community School District in Des Moines from May 2022 to April 2023.

Prosecutors say that after his employment ended, Potter retained access credentials and repeatedly targeted the district’s systems over the next 21 months.

“For more than a year and a half, the Defendant has been a scourge in the Saydel Public School District,” the US government said in a sentencing memorandum.

“He deleted SCSD’s Facebook page, deprived its staff of access to educational forums and accounts, and repeatedly attempted to reset staff usernames and passwords for other forums and accounts.”

Prosecutors say the attack caused widespread disruption to the school district, hampered its ability to educate students, and caused tens of thousands of dollars in repair costs.

Court documents say the attacks began shortly after Potter left the district, when Saydel’s Facebook account was deleted.

Prosecutors said Potter later targeted the district’s Apple School Manager account, deleting user accounts, passwords, phone numbers, payment information, and device management server data.

This effectively locked school staff out of the Apple School Manager platform and disabled management of the district’s MacBooks and iPads for nearly a week while staff worked with Apple to regain access.

The district also faced unauthorized access attempts against its GoDaddy account and other online services.

Court documents further state that in January 2025, Potter accessed the district’s Schoology learning system using a Google administrator account and deleted an IT employee’s account, disrupting teacher access to the platform and impacting classes for about two hours.

A week later, prosecutors say Potter found another administrator’s account and deleted nine Gmail accounts belonging to current and former district employees, including the district’s IT director and superintendent.

Court filings say Potter later switched to using a VPN service after receiving Google security warnings about unauthorized account access.

Federal investigators eventually traced some of the activity to IP addresses associated with Potter’s other employers, including Casey’s Store Support Center and The Printer Inc. (TPI).

After Potter left TPI in January 2025, prosecutors say he asked a co-worker to retrieve and erase a USB drive from his desk.

Instead, the co-worker turned it over to investigators, who allegedly found spreadsheets containing usernames and passwords for Saydel School District accounts and services.

Potter pleaded guilty in January 2026 to charges of computer fraud under the Computer Fraud and Abuse Act without entering into a plea agreement.

On June 11, Potter was sentenced to 21 months in prison followed by three years of supervised release.

As part of his conditions of supervised release, Potter will be subject to restrictions and monitoring related to work, finances, and computer systems, including searches of electronic devices if warranted.

Potter was ordered to pay $59,668.81 in restitution to the Saydel Public School District and its insurer, Travelers Casualty and Surety Company, for repair costs related to the attack.
