Former IT Worker Sentenced to 21 Months for Hacking Iowa School District

Ezekiel Dean Potter, a former senior IT support specialist for the Saydel Community School District in Des Moines, Iowa, was sentenced to 21 months in prison on June 11 for a protracted cyberattack against his former employer. The sentencing followed his January 2026 guilty plea to computer fraud under the Computer Fraud and Abuse Act.

Prosecutors said Potter's attacks spanned 21 months after his April 2023 termination and caused $59,668.81 in restitution costs. The U.S. government called him "a plague on the Saydel Community School District" in a sentencing memorandum.

Prolonged Campaign of Digital Sabotage

According to court documents, Potter retained access credentials after leaving the district and began his campaign shortly thereafter. The attacks targeted multiple platforms and disrupted daily operations:

• Deleted the district's Facebook page and targeted Apple School Manager, deleting user accounts, passwords, and device management data, which disabled management of district MacBooks and iPads for roughly a week.
• Accessed the Schoology learning management system via a Google administrator account in January 2025, deleting an IT employee's account and disrupting classes for approximately two hours.
• Deleted nine Gmail accounts belonging to the district's IT director, superintendent, and other employees.
• Attempted unauthorized access to the district's GoDaddy account and other online services.

After receiving Google security alerts about unauthorized logins, Potter switched to a VPN service. Investigators traced some activity to IP addresses associated with his subsequent employers, Casey's Store Support Center and TPI.

Undone by a USB Drive

Potter left TPI in January 2025 and asked a former coworker to retrieve and wipe a USB drive from his desk. Instead, the coworker turned the drive over to investigators, who discovered spreadsheets containing usernames and passwords for Saydel School District accounts. This evidence contributed to Potter's guilty plea without a plea agreement.

In addition to 21 months of imprisonment, Potter received three years of supervised release with restrictions on employment, finances, and computer use. He must submit to searches of electronic devices upon reasonable suspicion. The $59,668.81 restitution will be paid to the school district and its insurer, Travelers Casualty and Surety Company.

The case underscores the critical need for timely credential revocation and monitoring of former employees, particularly those with elevated access. School districts and other organizations often lack automated offboarding processes, leaving them vulnerable to insider threats. Potter's 21-month campaign shows how persistent a disgruntled former employee can be. The district has since overhauled its access management protocols, including mandatory password resets and two-factor authentication for all administrative accounts. The case serves as a cautionary tale for organizations of all sizes about the importance of post-employment security hygiene.