We study data-poisoning attacks using a machine teaching framework. For a family of NP-hard attack problems we pose them as submodular function maximization, thereby inheriting efficient greedy algorithms with theoretical guarantees. We demonstrate some attacks with experiments