KSL INVESTIGATES

Documents reveal financial fallout of Salt Lake City IT security breach

Mar 31, 2022, 10:02 PM | Updated: Jun 18, 2022, 8:29 PM

SALT LAKE CITY – The case against a former Salt Lake City IT employee accused of leaking undercover police information has raised questions and concerns about how the city and its police department safeguard sensitive information.

Officials have been tight-lipped about the incident and have refused multiple interview requests since the employee’s arrest last October, citing the pending investigation and criminal case. Now, documents obtained by the KSL Investigators reveal new information that led a judge to dismiss a felony charge in the criminal case, as well as the mounting costs to taxpayers in the wake of what the city calls a security breach.

Case background

Patrick Driscoll, 50, is accused of providing identifying and compromising information about undercover Salt Lake City police officers to a man accused of running a sex-trafficking ring, in exchange for money or sex.


Since his October arrest, Driscoll faces additional charges suggesting he participated in and benefited from the alleged criminal enterprise.

During a hearing in March, Third District Judge Chelsea Koch ruled prosecutors presented enough evidence to bind over eight of the nine charges against Driscoll for trial.

The charges include aggravated human trafficking, obstruction of justice, computer crimes, aggravated exploitation of prostitution and a pattern of unlawful activity.

‘He did so with authorization’

Koch found insufficient evidence to bind over one felony charge of computer crimes interfering with critical infrastructure.

The charge relied on a sworn statement from the city detailing efforts to assess what happened.

“The Salt Lake City individual who has been tasked with going through has indicated that there were no security breaches,” Koch said. “If there were no security breaches, then the inference the court can draw is that he did so with authorization.”

That document, obtained by the KSL Investigators through a public records request, states more than 150 databases and all public safety software systems were reviewed for potential compromises but, “none have been found.”


Driscoll was never an officer or an employee of the police department but still had “full access to the police department as well as all city and law enforcement databases,” according to court documents.

Koch did bind over a second computer crimes count, however, citing supporting evidence that Driscoll took home files that should have been deleted and kept police images of prostitutes that he is accused of using for his own sexual gratification.

“The distinction I make there is that while he may have had initial authorization for that, he exceeded his authorization,” Koch said.

Breach or no breach?

No employee should have “carte blanche access to everything across an IT infrastructure,” according to Earl Foote, founder and CEO of Nexus IT.


Foote is a cybersecurity expert who agreed to review the document obtained by the KSL Investigators. He said he believes a breach starts with intent, regardless of one’s level of authorization.

“If (information is) accessed, you know, in accordance with that person’s daily duties and roles to help support the organization and its users, fine. There’s no nefarious activity there,” Foote said. “Once it turns into, ‘I want access for a reason beyond that, that’s personal and or to expose it to third parties,’ yes, that constitutes a breach.”

Foote said it appears the city is taking appropriate steps to respond to the incident but noted most security breaches are preventable.

“I think there’s no question here that some of the common controls and measures that should happen within an IT department probably were not as robust as they should be,” he said.

Cost to taxpayers

The city’s sworn statement reveals another side of the fallout: the cost to taxpayers.

“Cyber incidents have become astronomically expensive,” said Foote, who told KSL the average cost of a security breach in Utah is $2.5 million.

While some of the information in the document is redacted, the statement notes a $12,000 expense as well as a $34,000 expense. The latter lines up with a $34,000 purchase order obtained by the KSL Investigators for a digital forensic audit procured by the city.

The statement also estimated 2,000 hours of employee time spent responding to the breach, totaling $90,000 using a conservative average hourly rate of $45. The total cost outlined in the document, as of Dec. 2, 2021, amounts to $136,000, which Foote anticipates will grow.

“I would easily suspect this one incident to escalate into the hundreds of thousands of dollars,” he said. “Maybe half a million plus, wouldn’t surprise me at all.”

A spokesperson in the mayor’s office confirmed the city does have a cybersecurity insurance policy that predates the breach, but it’s unclear how much, if any, of the costs will be covered. The city has not yet submitted a claim.

