Fired IT Worker Jailed for 21 Months After Sabotaging Iowa School District's Systems
Ezekiel Dean Potter, a former IT support worker at Iowa's Saydel Community School District, was sentenced to 21 months in prison for a 20-month sabotage campaign using over 300 stolen credentials.
A disgruntled former IT worker has been sentenced to 21 months in federal prison for a prolonged sabotage campaign against his former employer, the Saydel Community School District in Iowa. Ezekiel Dean Potter, 34, was fired from his IT support role in April 2023 but retaliated over the next 20 months by using more than 300 stolen credentials to delete the district's Facebook page, disrupt its Apple School Manager, and compromise Google and PowerSchool accounts. The total losses exceeded $101,000, including costs for digital forensics, remediation, and lost staff time.
Potter's campaign began in June 2023, just weeks after his termination, when he deleted the district's Facebook page—a permanent deletion that forced the district to create a new page in August. He then targeted the Apple School Manager system, deleting user passwords, phone numbers, billing information, and mobile device management data, which required a week of collaboration with Apple to restore access. Between July and August 2023, he attempted to interfere with the district's GoDaddy account, logging in 26 times, including from a company-issued PC at his subsequent employer, Casey's convenience store chain.
After a lull, Potter resumed his attacks in October 2024 by gaining access to the district's Google and Gmail accounts. In January 2025, he logged into the PowerSchool-based Schoology learning platform using a compromised Google account and deleted the account of an IT staff member, which locked out teachers during a school day and prevented them from teaching for two hours. He returned a week later to delete nine additional district Gmail accounts, including those of current and former staff, the IT director, and the superintendent.
Potter's undoing came when he left a USB drive containing stolen credentials in his old desk at a subsequent employer, The Printer Inc. He asked a coworker to wipe the drive, but the coworker instead reported it to management, who passed it to law enforcement and eventually the FBI. Forensic examination revealed spreadsheets with over 300 district usernames and passwords, a floor plan of Saydel High School, and personal data. Investigators traced Potter's IP address to his employer even when he used a VPN during the January intrusions.
At his sentencing hearing on June 11, 2026, Potter expressed deep regret, particularly for disrupting children's learning. "I never intended to negatively affect students, but I recognize that harm was still done and I'm deeply sorry," he said. His defense attorney argued for probation, citing Potter's clean criminal background and the deterrent effect of his felony conviction and $59,668.81 restitution order. However, prosecutors pushed for a 26-month sentence, describing Potter's actions as "calculated, malicious, and seemingly motivated only by vindictiveness."
The case highlights the significant risk posed by insider threats, particularly from former employees with retained access to critical systems. The Saydel Community School District, which had only two IT staff members with the privileges to make changes to the Facebook account, suffered extensive operational disruption and financial loss. The incident underscores the importance of promptly revoking access credentials after employee termination and implementing robust monitoring for unauthorized access attempts.
Potter's sentence, handed down by the U.S. District Court for the Southern District of Iowa, includes a restitution order of $59,668.81, with $31,775.06 going to the school district and $27,893.75 to its insurer, Travelers Indemnity Company. The case serves as a cautionary tale for organizations of all sizes about the potential consequences of inadequate offboarding procedures and the need for proactive insider threat detection.