Key Takeaways
- Ezekiel Dean Potter, a former IT support technician for the Saydel Community School District (SCSD), was sentenced to 21 months in federal prison for a prolonged sabotage campaign that lasted from May 2023 to January 2025.
- Before his termination in April 2023, Potter harvested and stored more than 300 district user credentials, which he later used to access multiple systems.
- His attacks included the permanent deletion of the district’s Facebook page, disruption of Apple School Manager (preventing management of Macs and iPads), repeated attempts to hijack the GoDaddy account, and unauthorized logins to Google/Gmail and the PowerSchool‑based Schoology platform.
- The sabotage caused measurable financial harm: SCSD incurred $73,375 in direct costs and its insurer paid $27,893.75, for a total loss of $101,268.81.
- Evidence linking Potter to the crimes was recovered from a USB drive he asked a coworker to wipe; the drive contained credential spreadsheets, a school floor plan, and personal pay stubs.
- Potter expressed deep regret at sentencing, apologizing for disrupting students’ learning, while his defense sought probation; the prosecution argued for a longer term, emphasizing the calculated, vindictive nature of his conduct.
Background and Termination
Ezekiel Dean Potter, 34, worked as an IT support specialist for the Saydel Community School District in Iowa. His employment ended in April 2023 when the district terminated him for performance‑related reasons. Although the dismissal appeared routine, Potter harbored resentment that later manifested in a systematic campaign of digital retaliation against his former employer.
Credentials Harvesting Prior to Dismissal
Before leaving SCSD, Potter accessed and exported more than 300 user account credentials—including usernames and passwords—from the district’s systems. He stored this data locally, intending to use it for future unauthorized access. This stockpile of login information became the foundation for nearly all of his subsequent intrusions.
Facebook Page Deletion
On June 1, 2023, Potter logged into the district’s Facebook account—one of only two IT staff members with the necessary privileges—and deleted the page permanently. The loss forced SCSD to create a new Facebook presence in August 2023, disrupting the district’s outreach and communication efforts with parents and the community.
Apple School Manager Sabotage
Two weeks later, on June 14, 2023, Potter infiltrated the Apple School Manager portal. He deleted user passwords, phone numbers, billing information, and the primary mobile‑device management server settings, effectively locking SCSD out of managing its Macs and iPads. The district’s IT team spent a week collaborating with Apple to restore access, consuming significant staff time and resources.
GoDaddy Account Interference
Between July and August 2023, Potter turned his attention to the district’s GoDaddy account, which controlled domain registration and related services. He logged in 26 times, attempting to reset usernames and passwords. Although he did not succeed in taking full control, the repeated attempts created unnecessary administrative overhead and raised security alerts within the IT team.
Google/Gmail Intrusion
After a hiatus, Potter resurfaced in October 2024 when he successfully accessed SCSD’s Google and Gmail suites using credentials he had previously harvested. He delayed any destructive action until January 2025, when he began to exploit this access more aggressively.
PowerSchool Schoology Deletion
In January 2025, Potter logged into the district’s PowerSchool‑based Schoology learning platform via one of the compromised Google accounts. He deleted the account of an IT staff member, which inadvertently locked teachers out of Schoology during a school day, halting instruction for approximately two hours. A week later he returned and deleted nine additional Gmail accounts, affecting current and former employees, the IT director, and the superintendent.
USB Drive Discovery and Investigation
Potter’s undoing began when he asked a coworker to wipe a USB drive he had left in his old desk, ostensibly to remove personal files. The coworker, suspecting foul play, reported the drive to management instead of complying. The drive was handed over to the printer company where Potter subsequently worked, and then to law enforcement. Forensic analysis revealed spreadsheets containing over 300 SCSD usernames and passwords, a floor plan of Saydel High School, and personal documents including Potter’s pay stubs from his SCSD employment. This evidence directly tied him to the credential harvesting and subsequent intrusions.
Financial Impact on the District
The district quantified the monetary damage caused by Potter’s actions. Direct costs—including lost employee time, digital forensics, learning downtime, and vendor remediation—totaled $73,375. The district’s insurer, Travelers Indemnity Company, expended an additional $27,893.75 for forensic and recovery work, bringing the combined loss to $101,268.81. These figures do not capture the intangible harm to student learning and staff morale.
Legal Proceedings and Sentencing
Potter was indicted on October 15, 2025, arrested the following day, and released on pretrial supervision after accepting responsibility. He entered a guilty plea in January 2026 and was found guilty in February. At his sentencing hearing on June 11, 2026, Potter expressed remorse, stating he never intended to harm students but acknowledged the damage done and apologized sincerely. His defense attorney, Joseph Herrold, urged the court to impose a five‑year probation term, citing Potter’s clean criminal record (aside from a minor 2010 harassment misdemeanor), his genuine regret, and the deterrent effect of a felony conviction coupled with a restitution order of $59,668.81 ($31,775.06 to SCSD and $27,893.75 to the insurer).
Prosecution’s Position
U.S. Attorney David C. Waterman argued for a stricter 26‑month prison sentence. He characterized Potter’s conduct as “calculated, malicious, and motivated solely by vindictiveness,” emphasizing that the attacks were not isolated lapses but a sustained effort to harm the district. Waterman highlighted the broader impact on faculty, administrators, and students, noting that the disruption to teaching and school activities extended far beyond the measurable financial losses.
Conclusion and Implications
The court ultimately sentenced Ezekiel Dean Potter to 21 months in federal prison, a term that reflects the severity of his actions while acknowledging his expressed remorse and willingness to repay restitution. The case serves as a stark reminder of the risks posed by insider threats, especially when former employees retain access to credentials or retain grievances. It underscores the importance of promptly disabling accounts upon termination, monitoring privileged access, and conducting regular security audits. For educational institutions, the incident also illustrates how cyber sabotage can directly impede educational delivery, affecting not only finances but the core mission of teaching and learning. The restitution ordered and the prison term aim to deter similar future misconduct and to provide a measure of accountability for the harm inflicted on the Saydel Community School District.