Former school district employee jailed for hacking former employer

A former IT worker for an Iowa faculty district has been sentenced to 21 months in jail for conducting a long-running cyberattack in opposition to his former employer that disrupted classroom operations, deleted accounts, and prompted tens of hundreds of {dollars} in damages.

Ezekiel Dean Potter, 34, labored as a senior IT help specialist for the Sidell Neighborhood College District in Des Moines from Could 2022 to April 2023, in response to courtroom paperwork.

Prosecutors mentioned Potter retained his entry standing after his employment ended and repeatedly focused the district’s methods over the following 21 months.

“For greater than a 12 months and a half, the defendant was a affected person of the Sidell Neighborhood College District,” the U.S. authorities mentioned in its sentencing memorandum.

“He deleted SCSD’s Fb web page, stripped staff of their entry to schooling platforms and accounts, and made a number of makes an attempt to reset usernames and passwords for workers’ varied different platforms and accounts.”

Prosecutors mentioned the assault prompted widespread disruption within the faculty district, impaired pupil instruction, and value tens of hundreds of {dollars} to restore.

Based on courtroom paperwork, the assaults started shortly after Potter left the district and Seidel’s Fb account was deleted.

Prosecutors mentioned Potter then focused the district’s Apple College Supervisor account, deleting person accounts, passwords, cellphone numbers, billing data and gadget administration server information.

This successfully left faculty employees with out entry to the Apple College Supervisor platform and the power to handle the district’s MacBooks and iPads for about every week till employees labored with Apple to revive entry.

The district additionally skilled makes an attempt to achieve unauthorized entry to GoDaddy accounts and different on-line providers.

The courtroom paperwork additionally say that in January 2025, Potter accessed the district’s faculty studying administration system by way of a Google administrator account and deleted an IT worker’s account, disrupting academics’ entry to the platform and disrupting lessons for about two hours.

Per week later, prosecutors mentioned Potter accessed one other administrator account and deleted 9 Gmail accounts belonging to present and former district staff, together with the district’s IT director and superintendent.

Based on courtroom filings, Potter switched to utilizing a VPN service after receiving a Google safety alert warning of unauthorized account entry.

Federal investigators in the end traced a number of the exercise to IP addresses related to Potter’s different employers, together with Casey’s Retailer Assist Heart and The Printer Inc. (TPI).

After Potter left TPI in January 2025, prosecutors mentioned he requested a former colleague to take away the USB drive from his desk and erase it.

As an alternative, the co-worker turned it over to investigators, who allegedly found a spreadsheet containing usernames and passwords for Sidell College District accounts and providers.

Mr. Potter pleaded responsible in January 2026 to pc fraud expenses below the Laptop Fraud and Abuse Act with out coming into right into a plea settlement.

On June 11, Potter was sentenced to 21 months in jail, adopted by three years of supervised launch.

As a part of the phrases of his supervised launch, Mr. Potter is topic to restrictions and monitoring relating to his employment, funds, and pc methods, together with searches of his digital units within the occasion of affordable suspicion.

Ms. Potter should additionally pay $59,668.81 in restitution to the Sidell Neighborhood College District and its insurance coverage firm, Vacationers Casualty & Surety Firm, for remediation prices associated to the assault.