KSL INVESTIGATES

Documents reveal financial fallout of Salt Lake City IT security breach

Mar 31, 2022, 10:02 PM | Updated: Jun 18, 2022, 8:29 pm

SALT LAKE CITY – The case against a former Salt Lake City IT employee accused of leaking undercover police information has raised questions and concerns about how the city and its police department safeguard sensitive information.

Officials have been tight-lipped about the incident and have refused multiple interview requests since the employee’s arrest last October, citing the pending investigation and criminal case. Now, documents obtained by the KSL Investigators reveal new information that led a judge to dismiss a felony charge in the criminal case as well as the costs to taxpayers adding up in the wake of what the city calls a security breach.

Case background

Patrick Driscoll, 50, is accused of providing identifying and compromising information about undercover Salt Lake City police officers to a man accused of running a sex-trafficking ring, in exchange for money or sex.

Patrick Driscoll

Since his October arrest, Driscoll faces additional charges suggesting he participated in and benefited from the alleged criminal enterprise.

During a hearing in March, Third District Judge Chelsea Koch ruled prosecutors presented enough evidence to bind over eight of the nine charges against Driscoll for trial.

The charges include aggravated human trafficking, obstruction of justice, computer crimes, aggravated exploitation of prostitution and a pattern of unlawful activity.

‘He did so with authorization’

Koch found insufficient evidence to bind over one felony charge of computer crimes interfering with critical infrastructure.

The charge relied on a sworn statement from the city detailing efforts to assess what happened.

“The Salt Lake City individual who has been tasked with going through has indicated that there were no security breaches,” Koch said. “If there were no security breaches, then the inference the court can draw is that he did so with authorization.”

That document, obtained by the KSL Investigators through a public records request, states more than 150 databases and all public safety software systems were reviewed for potential compromises but, “none have been found.”

Salt Lake City sworn statement by LarryDCurtis

Driscoll was never an officer or an employee of the police department but still had “full access to the police department as well as all city and law enforcement databases,” according to court documents.

Koch did bind over a second computer crimes count, however, citing supporting evidence that Driscoll took home files that should have been deleted and kept police images of prostitutes that he is accused of using for his own sexual gratification.

“The distinction I make there is that while he may have had initial authorization for that, he exceeded his authorization,” Koch said.

Breach or no breach?

No employee should have “carte blanche access to everything across an IT infrastructure,” according to Earl Foote, founder and CEO of Nexus IT.

Earl Foote

Foote is a cybersecurity expert who agreed to review the document obtained by the KSL Investigators. He said he believes a breach starts with intent, regardless of one’s level of authorization.

“If (information is) accessed, you know, in accordance with that person’s daily duties and roles to help support the organization and its users, fine. There’s no nefarious activity there,” Foote said. “Once it turns into, ‘I want access for a reason beyond that, that’s personal and or to expose it to third parties,’ yes, that constitutes a breach.”

Foote said it appears the city is taking appropriate steps to respond to the incident but noted most security breaches are preventable.

“I think there’s no question here that some of the common controls and measures that should happen within an IT department probably were not as robust as they should be,” he said.

Cost to taxpayers

The city’s sworn statement reveals another side of the fallout: the cost to taxpayers.

“Cyber incidents have become astronomically expensive,” said Foote, who told KSL the average cost of a security breach in Utah is $2.5 million.

While some of the information in the document is redacted, the statement notes a $12,000 expense as well as a $34,000 expense. The latter lines up with a $34,000 purchase order obtained by the KSL Investigators for a digital forensic audit procured by the city.

The statement also estimated 2,000 hours of employee time spent responding to the breach, totaling $90,000 using a conservative average hourly rate of $45. The total cost outlined in the document, as of Dec. 2, 2021, amounts to $136,000, which Foote anticipates will grow.

“I would easily suspect this one incident to escalate into the hundreds of thousands of dollars,” he said. “Maybe half a million plus, wouldn’t surprise me at all.”

A spokesperson in the mayor’s office confirmed the city does have a cybersecurity insurance policy that predates the breach, but it’s unclear how much, if any, of the costs will be covered. The city has not yet submitted a claim.


Have you experienced something you think just isn’t right? The KSL Investigators want to help. Submit your tip at investigates@ksl.com or 385-707-6153 so we can get working for you.

RELATED STORIES:

Trial ordered for man charged with using inside police info to aid prostitution ring
Former SLC IT employee now being charged with sex trafficking in addition to giving data to trafficker
Criminal case against ex-IT employee raises questions about SLC security measures
SLC IT employee arrested after allegedly providing undercover police data to human trafficker

KSL Investigates

(KSL Illustration)...

Mike Headrick

Jan. 6 attack: How far did criminal cases against Utahns get?

19 Utahns have been charged in the January 6 breach at the U.S. Capitol.

43 minutes ago

Brandon Beckham (brandonbeckham.com)...

Daniella Rivera, KSL-TV

Former Utah Senate candidate’s ‘own actions’ lead to mistrial in sexual abuse case

A bizarre set of circumstances unfolded in a Provo courtroom this week causing a jury to be sent home mid-trial. The KSL Investigators obtained courtroom audio that sheds light on what happened.

2 days ago

The Vista Healthcare generator putting out exhaust flumes just a few yards of the Certonios home....

Matt Gephardt

A healthcare facility’s backup generator ignites neighbor dispute over its exhaust

A healthcare facility’s backup generator ignited a neighbor dispute over its exhaust, as locals are concerned about health effects.

4 days ago

Curtis Coy's dentures went missing during a hospital visit, impacting his ability to eat. So, he de...

Matt Gephardt

Get Gephardt helps Midvale man whose dentures go missing during a hospital visit

A man's dentures went missing during a hospital visit, impacting his ability to eat. So, he decided to Get Gephardt.

5 days ago

Ora Argyle said she is under financial stress due to her ex-boss making fraudulent charges. (KSL TV...

Matt Gephardt and Sloan Schrage, KSL TV

Utah woman said she’s being held liable for her ex-boss’s fraudulent spending

A Utah woman said she's being held liable for her ex-boss's fraudulent spending, so she decided to Get Gephardt.

6 days ago

Park City ski patrollers are on day four of a strike for better wages and benefits, and said they a...

Courtney Johns

Hundreds call law firms after Vail Resorts strike disrupts vacations

A class action lawsuit against Vail Resorts gains momentum as hundreds of affected customers claim the company failed to disclose impacts of a ski patrol strike, ruining their vacations.

7 days ago

Sponsored Articles

holiday gift basket with blue tissue paper and gingerbread cookies...

Kneaders Bakery & Cafe

Holiday hacks for a stress-free season

Get more out of your time with family and loved ones over the holidays by following these tips for a stress-free season.

2 computer techs in a computer shop holding up a computer server with the "hang loose" sign...

PC Laptops

A comprehensive guide to choosing the right computer

With these tips, choosing the right computer that fits your needs and your budget will be easier than ever.

crowds of people in a German style Christmas market...

This Is The Place Heritage Park

Celebrate Christkindlmarket at This Is The Place Heritage Park!

The Christkindlmarket is an annual holiday celebration influenced by German traditions and generous giving.

Image of pretty woman walking in snowy mountains. Portrait of female wearing warm winter earmuff, r...

Lighting Design

Brighten your mood this winter with these lighting tricks

Read our lighting tips on how to brighten your mood in the winter if you are experiencing seasonal affective disorder.

A kitchen with a washer and dryer and a refrigerator...

Appliance Man

Appliance Man: a trusted name in Utah’s home appliance industry

Despite many recent closures of local appliance stores, Appliance Man remains Utah's trusted home appliance business and is here to stay.

abstract vector digital social network technology background...

Les Olson

Protecting yourself against social engineering attacks

Learn more about the common types of social engineering to protect your online or offline assets from an attack.

Documents reveal financial fallout of Salt Lake City IT security breach