Ex-school district employee jailed for hacks on former employer Cybercrime

Potter is also required to pay $59,668.81 in restitution to the Saydel Community School District and its insurer, Travelers Casualty and Surety Company, for remediation costs related to the attacks. “He deleted SCSD’s Facebook page, stripped its employees of access to educational platforms and accounts, and tried again and again to reset its employees’ usernames and passwords for various other platforms and accounts.” Prosecutors said the attacks caused widespread disruption to the school district, impaired its ability to teach students, and resulted in tens of thousands of dollars in remediation costs.

The Criminal Operation

Test every layer before attackers do Security teams log 54% of successful attacks and alert on just 14%.

Further details indicate that court documents state the attacks began shortly after Potter left the district, when Saydel’s Facebook account was deleted.

Prosecutors say Potter later targeted the district’s Apple School Manager account, deleting user accounts, passwords, phone numbers, billing information, and device management server data.

Court documents go on to say that in January 2025, Potter accessed the district’s Schoology learning management system through a Google administrator account and deleted an IT employee’s account, disrupting teacher access to the platform and impacting classes for approximately two hours.

“For over a year and a half, Defendant was a plague on the Saydel Community School District,”, Spokesperson

Victims & Losses

Prosecutors say that after his employment ended, Potter retained access credentials and repeatedly targeted the district’s systems over the next 21 months. Prosecutors say Potter later targeted the district’s Apple School Manager account, deleting user accounts, passwords, phone numbers, billing information, and device management server data.

Protection Steps

1. This effectively prevented school employees from accessing the Apple School Manager platform and disabled management of district MacBooks and iPads for roughly a week while staff worked with Apple to recover access.

2. As part of his supervised release conditions, Potter will be subject to restrictions and monitoring related to employment, finances, and computer systems, including searches of electronic devices upon reasonable suspicion.

Analysis

As AI tooling proliferates, security teams face expanding attack surfaces tied to model inference and data pipelines.

Security teams should monitor vendor advisories and threat intelligence sources closely for additional context or updates. Organizations with mature security programs are advised to incorporate this intelligence into their regular risk assessments and prioritize response activities based on exposure and asset criticality. For environments where immediate remediation is not feasible, compensating controls such as network segmentation, enhanced monitoring, and access restrictions should be evaluated. Security leadership should communicate relevant details to operational teams and ensure that incident response capabilities are prepared if exploitation is observed in the wild.

Industry observers note that this type of development highlights the ongoing need for defense-in-depth strategies and proactive security posture management. Organizations that invest in regular security assessments and employee training tend to fare better when responding to emerging threats. The security community continues to share indicators and best practices to help defenders stay ahead.