Ezekiel Dean Potter, 34, was sentenced to 21 months in prison after exploiting access he kept from a two person IT shop to delete the district's Facebook page, block its management of student Macs and iPads, and log into its website dozens of times.
Saydel Community School District in Iowa fired Ezekiel Dean Potter from his IT support job in April 2023. For roughly the next 18 months, until at least January 2025, he was still inside the district's systems, using access that nobody on a two-person IT team had bothered to take back.
On June 11, 2026, a federal court sentenced Potter, 34, to 21 months in prison for what prosecutors described in a sentencing memo as systematic sabotage of his former employer. The case reads at first like a workplace revenge story. The more useful read is as a credential-lifecycle failure: a small school district that treated offboarding as an HR task instead of an IT emergency, and then did not notice that one former employee was still logging in for a year and a half.
The numbers tell the scale. Before he was fired, Potter had quietly collected more than 300 Saydel user account credentials. He was one of only two IT staff members holding the privileges required to make changes to the district's Facebook account, and he also held privileged access to the district's GoDaddy hosting account and to Apple School Manager, the tool Saydel used to manage student Macs and iPads, according to The Register's reporting on the sentencing.
In the 18 months that followed, Potter used that access to do real damage. About six weeks after his termination, on June 1, 2023, he deleted the district's Facebook page. He later wiped data tied to Apple School Manager, cutting Saydel off from managing the devices it had issued to students. He logged into the GoDaddy account at least 26 times, the same Register report says, and he affected PowerSchool Schoology, the district's learning management platform.
The Casey detail is worth pausing on. Some of the GoDaddy logins were traced to a PC issued by Casey's, the convenience-store chain that had become Potter's next employer. Endpoint defenses on the new employer's machine saw nothing, because the traffic was a normal web login. Identity-side defenses at Saydel saw nothing, because nobody was watching for an ex-employee's account. The intrusion lived for 18 months in the gap between what the endpoint knew and what the identity system knew.
The prosecution's framing in the sentencing memo was blunt: Potter was, in the memo's words, "a plague on the Saydel Community School District." That phrasing belongs to the government filing, not to outside observers. The structural point survives without it. A single departing administrator at a small K-12 district kept the keys to comms, devices, and the website for nearly two years, and nobody in IT noticed.
For school districts and small public-sector IT shops, the case is less about Potter than about the offboarding checklist. Revoking 300 credentials on termination day is not a sophisticated security project. It is a one-day project. Doing it requires that IT own the offboarding workflow rather than receive it as an email from HR three days after the fact. It requires that privileged accounts be auditable, so the security team can see who is still using a credential issued to someone who no longer works there. And it requires that the audit actually run, on a schedule short enough to catch an 18-month gap.
The Register's report by cybersecurity trade-press reporter Connor Jones is the primary source for the timeline, the 300-credential count, the GoDaddy login figure, and the Casey endpoint detail. The underlying court record and the prosecution sentencing memo PDF were not independently retrieved for this analysis, and the precise procedural posture, whether Potter pleaded or was found guilty at trial, was not fully confirmed in the source material reviewed. Neither caveat changes the credential-lifecycle lesson, but both are worth flagging for any reader who needs the legal record itself.
Potter's 21-month sentence is the wire headline. The story that should outlive the news cycle is simpler and uglier: an Iowa school district fired its IT worker, did not kill his access, and did not notice he was still inside for 18 months.