Former Iowa IT Employee Sentenced for Prolonged Cyberattack on School District
A former IT specialist at the Saydel Community School District in Iowa was sentenced to 21 months in prison for conducting a year-long cyberattack that disrupted classroom operations and caused significant financial damage, according to court documents.
What were the details of the cyberattack?
Ezekiel Dean Potter, 34, worked as a senior IT support specialist for the Saydel Community School District from May 2022 to April 2023. After leaving the district, prosecutors allege he retained access credentials and targeted the school’s systems over 21 months, deleting accounts, disrupting educational platforms, and causing tens of thousands of dollars in damages.
According to the U.S. Attorney’s Office, Potter deleted the district’s Facebook page, stripped employees of access to educational platforms, and repeatedly reset usernames and passwords. The attacks impaired the district’s ability to teach students and forced staff to work with Apple to recover access to the Apple School Manager platform, which disabled management of MacBooks and iPads for a week.
How did the attacks escalate?
The cyberattacks intensified in January 2025 when Potter accessed the district’s Schoology learning management system via a Google administrator account, deleting an IT employee’s account and disrupting teacher access for two hours. A week later, he deleted nine Gmail accounts, including those of the IT director and superintendent, prosecutors said.
Potter later used a VPN to avoid Google’s security alerts. Federal investigators traced activity to IP addresses linked to his former employers, including Casey’s Store Support Center and The Printer Inc. (TPI). After leaving TPI in January 2025, he allegedly asked a coworker to retrieve a USB drive from his desk, which was instead turned over to investigators. The drive contained spreadsheets with usernames and passwords for district accounts.
What legal consequences did Potter face?
Potter pleaded guilty in January 2026 to computer fraud charges under the Computer Fraud and Abuse Act without a plea agreement. On June 11, 2026, he received a 21-month prison sentence followed by three years of supervised release. As part of his supervised release, Potter will face restrictions on employment, finances, and computer use, including device searches upon suspicion of violations. He is also required to pay $59,668.81 in restitution to the district and its insurer, Travelers Casualty and Surety Company.
Why does this case matter?
The case highlights the risks of insider threats in educational institutions, where former employees with access to sensitive systems can cause prolonged damage. Cybersecurity experts emphasize the importance of revoking access credentials immediately upon termination and monitoring for unauthorized activity. The Saydel incident aligns with broader concerns about school districts’ vulnerability to cyberattacks, which have increased in frequency and sophistication in recent years.