ADA — A former information technology professional at Byng Public Schools in Pontotoc County has been charged with three felonies for allegedly accessing a teacher’s personal Snapchat account, stealing her private nude photos and attempting to trade them for other nude photos with at least one district student.
According to state law enforcement, Zachary Milliren was caught with personal or sexual photos and videos of more than 200 Byng students, teachers and staff members. So far, he has only been charged on counts related to theft and distribution of one teacher’s images.
Brook Arbeitman, public information officer for the Oklahoma State Bureau of Investigation, said the investigation is ongoing and that she cannot comment on cases after charges have been filed.
Milliren, 26, was officially charged Jan. 11 with one count of computer fraud or unlawful use of a computer system, one count of nonconsensual dissemination of private sexual images and one count of showing obscene material to a minor. He faces up to 30 years in prison for the third charge.
Milliren and his attorney, Alex Courtney, both declined comment Jan. 12 after a preliminary hearing conference with an assistant district attorney.
The Pontotoc County Sheriff’s Department opened an inquiry into Milliren in June after a Byng teacher reported that she had been contacted by a student’s parent.
“The parent told [the teacher] she believed someone had hacked [the teacher’s] Snapchat account, and screen recorded about one years’ worth of images, videos, and conversations between [the teacher and her boyfriend],” Oklahoma State Bureau of Investigation Lt. Josh Dean wrote in an affidavit originally filed in Pontotoc County District Court on June 27. “The parent stated the suspect had created a Snapchat account for the purpose of adding current and former students of [the teacher]. [The teacher] was not the only victim, but there were other current and former students to include minors that were victims of this and their photos were being shared as well.”
Although an un-redacted version of the affidavit had been filed June 27, no formal charging or “information” document was submitted to the court until Jan. 11, about one week after Erik Johnson became the new district attorney for District 22, which covers Pontotoc, Seminole and Hughes counties.
“All defendants are presumed innocent until proven guilty, but we do feel like we’ve got a substantial amount of information that has been produced by OSBI during the course of their investigation that is extremely telling,” Johnson said Jan. 12.
A former assistant district attorney in Coal County, Johnson said Wednesday he did not know that Milliren has been caught with images or videos of more than 200 Byng community members.
“The only information we have received from OSBI involves the one count we have filed on,” Johnson said. “As this case develops further or we receive additional information from OSBI, there could be additional charges. I have also tasked my investigator in my office with reviewing this information and talking with the OSBI case agent.”
The Byng Public Schools District is located about seven miles north of Ada and has a student enrollment of 1,784, according to state data. Known for providing a well-rounded academic environment and strong baseball and basketball programs in rural northern Pontotoc County, the district was established more than 50 years before residents incorporated the town of Byng, which registered a population of 1,364 in the 2020 census.
According to the OSBI agent’s affidavit (embedded below), Milliren had been employed by Byng Public Schools since November 2015, when he was 18 years old. The affidavit notes that “agents also discovered computer related equipment that could have potentially allowed Milliren to intercept network traffic.”
Dean, the OSBI agent, and Pontotoc County Deputy Sheriff Derek Stewart interviewed the teacher June 21. She said she “used the same passcode or a variation thereof for her Snapchat account as she did for her Byng school’s computer login,” according to the affidavit. Milliren began accessing the teacher’s Snapchat account on June 6, 2021.
NonDoc contacted the teacher, who declined comment and asked to remain anonymous as the victim of a crime. Records indicate she resigned from teaching at Byng Public Schools in 2022.
Byng Superintendent Kevin Wilson did not return multiple messages seeking comment on the situation, such as whether parents, students and staff were told of Milliren’s alleged ability to “intercept network traffic” at the school district and the potential that hundreds of Byng community members could have had their devices compromised. (Milliren’s name was removed from the district’s website after NonDoc contacted Wilson’s office requesting an interview.)
According to the affidavit, Dean and Stewart interviewed Milliren on June 22 and took possession of two Samsung cell phones, one of which “was the same type of device listed as accessing [the teacher’s] account.”
The next day, June 23, Stewart interviewed a juvenile Byng student who “confirmed he had recently accepted an unknown friend request through Snapchat,” according to the affidavit.
“The unknown user provided [the student] with a list of individuals of whom he had nude photographs of (sic) and sent [the student] nude images of [the teacher],” according to the affidavit. “The unknown user requested [the student] to send them nude photos of other local students and staff in trade.”
On June 24, agents executed a search warrant at Milliren’s residence in Ada. The affidavit was filed June 27, with formal charges coming about six months later.
“Fortunately, the Oklahoma State Bureau of Investigation has good digital investigators that are able to prepare roadmaps for prosecutions, and we feel like we have one in this case,” said Johnson, the new district attorney.
Follow @NonDocMedia on:
Facebook | Twitter | Newsletter
DA: School districts should review IT policies annually
Meeting minutes from the Byng Public Schools board indicate that, although Milliren was under investigation in June and the OSBI affidavit was filed June 27, Milliren did not resign from the school until sometime between July 11 and Aug. 8. With two members absent, the school board voted 3-0 to accept Milliren’s resignation at an Aug. 8 meeting.
In a Jan. 12 interview, Johnson said he was still reviewing the case but that it is a serious situation and a cautionary tale.
“We do live in a digital world now, and people need to be extremely careful when they are utilizing devices like that. People that sometimes have an intent that is not in your best interest can access your digital information and expose you as an open book,” Johnson said. “I would encourage people to make sure they’ve got secure devices, change their passwords and don’t access public Wi-Fi if at all possible without having proper firewalls on their devices.”
Asked if he had spoken with Byng Public Schools leadership about the matter — and whether the district has a legal or moral obligation to tell faculty and parents about the extent of Milliren’s hacking — Johnson said he had yet to speak with Wilson or the school board after assuming office Jan. 3.
“I do intend to visit with them in the near future. I’ve always had a good relationship with the Byng superintendent and the administration at Byng. I do believe they are a well-run public school system,” Johnson said. “I would encourage all schools in District 22 to revisit their digital policies and make sure those are living, breathing documents, as opposed to a policy they might have adopted 10 years ago, because technology changes so quickly and so rapidly that that needs to be reviewed at least on a yearly basis.”
Rep. Ronny Johns (R-Ada) echoed Johnson’s remarks.
“It’s very concerning. We’ve got to be able to protect whoever gets on our servers and that kind of thing,” said Johns, a former school administrator. “It’s very concerning that someone would be able to do what he is accused of doing. We’ve got to make sure that we update all of our technology and things to make sure we protect everyone who gets on those servers.”
Johns recalled a situation from a decade ago when a local junior high school student approached a district’s administration to say he could easily hack into the school’s website to access all sorts of information.
“He was able to get into the system and network,” Johns said. “The kid showed them how he did it, and then they corrected everything to where no one would be able to do it again.”
Johns said the school ended up having the student help out in the district’s IT department.
“I think as a ninth grader as one of his electives they basically assigned him to the office and he helped teachers with computer problems,” Johns said. “I saw him not too long ago, and he is doing his own broadband company now. It was a lot of fun to talk to him.”
Johns said the Byng Public Schools situation, however, is anything other than fun.
“It’s very serious,” he said.