Documents reveal financial fallout of Salt Lake City IT security breach

Mar 31, 2022, 10:02 PM | Updated: Jun 18, 2022, 8:29 pm

SALT LAKE CITY – The case against a former Salt Lake City IT employee accused of leaking undercover police information has raised questions and concerns about how the city and its police department safeguard sensitive information.

Officials have been tight-lipped about the incident and have refused multiple interview requests since the employee’s arrest last October, citing the pending investigation and criminal case. Now, documents obtained by the KSL Investigators reveal new information that led a judge to dismiss a felony charge in the criminal case as well as the costs to taxpayers adding up in the wake of what the city calls a security breach.

Case background

Patrick Driscoll, 50, is accused of providing identifying and compromising information about undercover Salt Lake City police officers to a man accused of running a sex-trafficking ring, in exchange for money or sex.

Patrick Driscoll

Since his October arrest, Driscoll faces additional charges suggesting he participated in and benefited from the alleged criminal enterprise.

During a hearing in March, Third District Judge Chelsea Koch ruled prosecutors presented enough evidence to bind over eight of the nine charges against Driscoll for trial.

The charges include aggravated human trafficking, obstruction of justice, computer crimes, aggravated exploitation of prostitution and a pattern of unlawful activity.

‘He did so with authorization’

Koch found insufficient evidence to bind over one felony charge of computer crimes interfering with critical infrastructure.

The charge relied on a sworn statement from the city detailing efforts to assess what happened.

“The Salt Lake City individual who has been tasked with going through has indicated that there were no security breaches,” Koch said. “If there were no security breaches, then the inference the court can draw is that he did so with authorization.”

That document, obtained by the KSL Investigators through a public records request, states more than 150 databases and all public safety software systems were reviewed for potential compromises but, “none have been found.”

Salt Lake City sworn statement by LarryDCurtis

Driscoll was never an officer or an employee of the police department but still had “full access to the police department as well as all city and law enforcement databases,” according to court documents.

Koch did bind over a second computer crimes count, however, citing supporting evidence that Driscoll took home files that should have been deleted and kept police images of prostitutes that he is accused of using for his own sexual gratification.

“The distinction I make there is that while he may have had initial authorization for that, he exceeded his authorization,” Koch said.

Breach or no breach?

No employee should have “carte blanche access to everything across an IT infrastructure,” according to Earl Foote, founder and CEO of Nexus IT.

Earl Foote

Foote is a cybersecurity expert who agreed to review the document obtained by the KSL Investigators. He said he believes a breach starts with intent, regardless of one’s level of authorization.

“If (information is) accessed, you know, in accordance with that person’s daily duties and roles to help support the organization and its users, fine. There’s no nefarious activity there,” Foote said. “Once it turns into, ‘I want access for a reason beyond that, that’s personal and or to expose it to third parties,’ yes, that constitutes a breach.”

Foote said it appears the city is taking appropriate steps to respond to the incident but noted most security breaches are preventable.

“I think there’s no question here that some of the common controls and measures that should happen within an IT department probably were not as robust as they should be,” he said.

Cost to taxpayers

The city’s sworn statement reveals another side of the fallout: the cost to taxpayers.

“Cyber incidents have become astronomically expensive,” said Foote, who told KSL the average cost of a security breach in Utah is $2.5 million.

While some of the information in the document is redacted, the statement notes a $12,000 expense as well as a $34,000 expense. The latter lines up with a $34,000 purchase order obtained by the KSL Investigators for a digital forensic audit procured by the city.

The statement also estimated 2,000 hours of employee time spent responding to the breach, totaling $90,000 using a conservative average hourly rate of $45. The total cost outlined in the document, as of Dec. 2, 2021, amounts to $136,000, which Foote anticipates will grow.

“I would easily suspect this one incident to escalate into the hundreds of thousands of dollars,” he said. “Maybe half a million plus, wouldn’t surprise me at all.”

A spokesperson in the mayor’s office confirmed the city does have a cybersecurity insurance policy that predates the breach, but it’s unclear how much, if any, of the costs will be covered. The city has not yet submitted a claim.

Have you experienced something you think just isn’t right? The KSL Investigators want to help. Submit your tip at investigates@ksl.com or 385-707-6153 so we can get working for you.


Trial ordered for man charged with using inside police info to aid prostitution ring
Former SLC IT employee now being charged with sex trafficking in addition to giving data to trafficker
Criminal case against ex-IT employee raises questions about SLC security measures
SLC IT employee arrested after allegedly providing undercover police data to human trafficker

KSL 5 TV Live

Top Stories

KSL Investigates

Matt Gephardt & Sloan Schrage

Get Gephardt: How cybercriminals use social engineering to get us to hand over our sensitive info

You can have the strongest, most secure password in the history of cybersecurity, but the bad guys know there is one weakness they can use to hack into your system - you!
6 months ago
Delric Ellington and Kael Ellington talk about a stray bullet that entered their Salt Lake City hom...
Annie Knox and Daniella Rivera, KSL TV

Amid increase in youth shooting deaths, Utah pediatricians push for tougher gun laws

The number of Utah children and teens killed by gunfire reached a record high in 2020, in part because of a spike in homicides. Two Utah pediatricians are calling on the state to pass what they see as solutions to the troubling trend.
6 months ago
Albee Bostrom and Sissy McDade turned their love of thrift store shopping into a business: Thrift H...
Matt Gephardt

Gephardt Busts Inflation: Second-hand shopping, selling surge as Utahns try to beat rising prices

Data shared with the KSL investigators shows Utahns are trying to bring in more money and reduce spending as they try to bust inflation.
6 months ago
Bry Hansen visits his son's grave in South Jordan. (Tanner Siegworth/KSL TV)...
Annie Knox and Daniella Rivera, KSL TV

The number of Utah kids and teens dying by gunfire hit a record high in 2020

The state hit a devastating milestone in 2020, recording the highest-ever number of shooting deaths among Utahns 18 and younger.
6 months ago
Matt Gephardt & Sloan Schrage

Get Gephardt: What can you do if you pay someone to do work but they disappear with your money?

Imagine paying a deposit only to have them take your money and ghost you.
6 months ago
Photo illustration (Photo by Matt Cardy/Getty Images)...
Matt Gephardt

Get Gephardt: Your credit card can up your interest rate without telling you

If your credit card company raises your interest rate even just a little bit, it could have a significant impact on how long it takes you to get out of debt. A relatively new law means your credit card company can do just that and they do not even have to give you the heads up.
6 months ago

Sponsored Articles

Hand turning a thermostat knob to increase savings by decreasing energy consumption. Composite imag...
Lighting Design

5 Lighting Tips to Save Energy and Money in Your Home

Advances in lighting technology make it easier to use smart features to cut costs. Read for tips to save energy by using different lighting strategies in your home.
Portrait of smiling practitioner with multi-ethnic senior people...
Summit Vista

How retirement communities help with healthy aging

There are many benefits that retirement communities contribute to healthy aging. Learn more about how it can enhance your life, or the life of your loved ones.
Happy diverse college or university students are having fun on their graduation day...
BYU MBA at the Marriott School of Business

How to choose what MBA program is right for you: Ask these questions before you apply!

Wondering what MBA program is right for you? Take this quiz before you apply to see if it will help you meet your goals.
Cloud storage technology with 3d rendering drawer with files in cloud...
PC Laptops

How backing up your computer can help you relieve stress

Don't wait for something bad to happen before backing up your computer. Learn how to protect your data before disaster strikes.
young woman with stickers on laptop computer...
Les Olson

7 ways print marketing materials can boost your business

Custom print marketing materials are a great way to leave an impression on clients or customers. Read for a few ideas to spread the word about your product or company.
young woman throwing clothes to organize a walk in closet...
Lighting Design

How to organize your walk-in closet | 7 easy tips to streamline your storage today

Read our tips to learn how to organize your walk-in closet for more storage space. These seven easy tips can help you get the most out of your space.
Documents reveal financial fallout of Salt Lake City IT security breach