A federal technology manager admitted Thursday to conspiring with a former acting inspector general of the U.S. Department of Homeland Security to steal a database managing more than 150,000 internal investigations and containing personal data of nearly 250,000 DHS employees, court filings show.
The manager gave copies of the database — valued at more than $3.1 million and including “critical, confidential information,” a federal judge said at a plea hearing — to a former DHS acting inspector general to develop a commercial version of the management system and sell that back to other government agencies.
Sonal Patel, 44, of Sterling, Va., faces a maximum penalty of five years in prison after pleading guilty to one count of conspiracy to commit theft of government property, and agreeing to cooperate with prosecutors regarding a scheme that ran from 2014 to 2017.
“I plead guilty,” said Patel, who was accompanied by attorney Thomas C. Hillin court.
U.S. District Judge Rosemary M. Collyer of Washington accepted the plea and set a hearing date for June 5.
As part of a plea deal, Collyer agreed to delay sentencing while Patel cooperates with prosecutors with the U.S. attorney’s office for the District of Columbia and the Justice Department’s public integrity section. Under the deal, prosecutors agreed not to charge Patel with any other offenses.
“Our expectation is that Ms. Patel will be cooperating for the next at least five to six months,” after which the government may consider requesting leniency, said Assistant U.S. Attorney David B. Kent, who is handling the case with Justice Department trial attorney Victor R. Salgado.
Officials did not name “Co-Conspirator 1” in court papers, but detailed a government work history and identified an associated Maryland business that the person founded.
A former DHS acting inspector general whose biography appears to match the court filings and appears to have founded a business of the same name, according to online corporate records, did not return telephone messages Thursday seeking an interview.
According to plea filings, Patel worked as a branch chief in the information technology division of the inspector general’s office and oversaw the development and maintenance of its Enforcement Database System, which was modeled after a similar inspector-general system with the U.S. Postal Service, where Patel worked before 2009.
From October 2014 until 2017, Patel “used your position within the Department of Homeland Security’s Office of Inspector General to access and create copies of EDS’s source code, [the] database and personal identifying information” of DHS and Postal Service employees “to provide to co-conspirators to develop a private, commercial version of ‘EDS 2.0,’ ” Collyer said, reciting the government’s evidence.
Patel’s partners worked to develop and sell a commercial version to the U.S. Agriculture Department, Collyer said.
Patel in court papers acknowledged instructing a subordinate to send her directions on how to install the copy, and steering the Agriculture Department inspector general’s office to using the commercial version instead of the free government version. In June 2016, her plea statement said, she handed two DVDs with copied data to Co-Conspirator 1 “on the side of the road” before the latter boarded a flight from Dulles International Airport to meet with software developers in India.
The government cited email correspondence from Patel’s work and personal accounts and online meetings in June 2016 and March 2017 between her, Co-Conspirator 1 and an Indian-based software development company, which the conspirator’s company had allegedly contracted to develop a private version of the DHS investigation case-management system.
Court filings also show that Co-Conspirator 1 worked at DHS from February 2008 until 2013, including as acting inspector general, and before that at the Transportation Security Administration and the Postal Service, where he supervised Patel.
Prosecutors said Patel also worked with a subordinate, identified only as “Co-Conspirator 2,” on the database system. In total, the three obtained personal data on about 246,167 DHS employees and 6,723 Postal Service employees, prosecutors assert.
The database included tracking information for all investigations into allegations of criminal, civil or administrative wrongdoing by DHS workers, contractors, grant recipients, beneficiaries and other associated entities between 2002 and 2017, the department said in a January 2018 privacy notice.