“He had gathered and stored more than 300 Saydel user account credentials before he was terminated,” the court heard — a specific ledger of access that prosecutors say underpinned more than a year and a half of sabotage against the Saydel Community School District (SCSD).
Timeline of intrusions: May 2023 to January 2025
According to court documents, Ezekiel Dean Potter, 34, was fired from his IT support role at SCSD in April 2023. Between May 2023 and January 2025, Potter repeatedly accessed and altered district systems. The record lists a string of discrete incidents: deletion of SCSD’s Facebook page on June 1, 2023; deletion of Apple School Manager data on June 14, 2023; multiple attempts to reset GoDaddy account credentials between July and August 2023; access to SCSD Google and Gmail accounts in October 2024; and disruptive deletions on the district’s PowerSchool-based Schoology platform in January 2025, including the removal of staff accounts that locked teachers out during a school day.
Technical actions and operational impact
Court filings detail the mechanics and consequences of several intrusions. After deleting the Facebook page, SCSD had to create a new page in August 2023 because the deletion was permanent. Potter’s changes in Apple School Manager deleted users’ passwords, phone numbers, billing information and primary mobile device server management information, forcing SCSD’s IT staff to work with Apple for a week to restore access and functionality for Macs and iPads. In January 2025 Potter used a district Google account to log into Schoology and delete an IT staff account, an action that “locked out teachers during a school day and, in turn, prevented them from teaching for two hours,” court documents say. A week later he deleted nine additional district Gmail accounts, including accounts belonging to current and former staff, the district IT director, and the superintendent.
Evidence, forensic trail, and the ruination of anonymity
Investigators reconstructed Potter’s activity through a combination of digital traces and human reporting. He logged into the district’s GoDaddy account at least 26 times, once using a company-issued PC from his then-employer Casey’s. Though Potter switched to a VPN during one January intrusion, investigators later traced an IP address back to him and his employer, The Printer Inc., which he joined after leaving Casey’s. Potter left The Printer Inc. on January 23, 2025.
A USB drive Potter left in his old desk proved decisive. A coworker reported the device to management; The Printer Inc. passed it to law enforcement and later to the FBI. Forensic examination of the USB found spreadsheets with more than 300 district usernames and passwords, a floor plan for Saydel High School, personal data pertaining to Potter, and his pay stubs from SCSD.
Legal resolution, financial toll, and courtroom statements
Potter was indicted on October 15, 2025, arrested the following day, and released on pretrial supervision after accepting responsibility. He entered a guilty plea in January 2026, was found guilty in February, and faced sentencing on June 11, 2026. The court ordered 21 months in prison. Prosecuting US attorney David C. Waterman urged a 26‑month term, calling the acts “calculated, malicious, and seemingly motivated only by the defendant’s vindictiveness,” and describing Potter’s conduct as assaults “out of spite and pure maliciousness.” The prosecution’s sentencing memorandum referred to Potter as “a plague on the Saydel Community School District.”
At sentencing Potter expressed remorse: “I never intended to negatively affect students, but I recognize that harm was still done and I'm deeply sorry,” local media reported. His defense attorney, Joseph Herrold, argued against incarceration and asked for five years’ probation, noting Potter’s regret and a mostly clean criminal background apart from a 2010 misdemeanor harassment conviction for which he was fined $65.
The district quantified direct losses at $73,375 for employees’ lost time, digital forensics, learning downtime, and vendor remediation. SCSD’s insurer spent $27,893.75 on digital forensics and remediation, bringing total losses to $101,268.81. A restitution order required Potter to repay $59,668.81 in total: $31,775.06 to SCSD and $27,893.75 to Travelers Indemnity Company.
What this means for school IT teams, administrators, and insurers
- School IT teams: The case underscores the operational fragility when a small number of staff hold broad privileges — the source notes only two IT staff had the privileges needed to change the district Facebook account. Restoring device management in Apple School Manager required a week of vendor interaction.
- Administrators and teachers: Deletion of accounts on a live school day produced two hours of lost teaching time; the district also had to rebuild a permanent social-media presence after the Facebook page deletion.
- Insurers and risk managers: The insurer’s direct outlay of $27,893.75 and the larger combined loss of $101,268.81 illustrate a measurable financial cost across remediation, forensics, and operational disruption.
This case ties together several familiar threads: concentrated administrative privileges, retained employee access, and a physical artifact — a USB drive — that proved incriminating when turned over to authorities. The district’s multi-month effort to reclaim Apple device management, the permanent loss of its Facebook page, and the court-ordered restitution leave clear, concrete costs behind the headline conviction.
