In late January, allegations were leveled that former Sen. Norm Coleman’s campaign faked the crash of its website, claiming droves of disenfranchised voters brought down the server seeking info on whether their votes were counted. While that charge hasn’t been definitively proven, the scrutiny by web enthusiasts exposed a bigger problem for the campaign: an unprotected database that contained information on campaign donors, including names, email and home addresses, credit card numbers and the three-digit security codes. On Tuesday, donors received an email from the website Wikileaks alerting them that the site has revealed some of the database information.
What is Wikileaks? See Chris Steller’s article for a history and description.
“We understand that Norm Coleman became aware of the leak in January,” the note reads, in part.
A link to the original database was posted in comments at the Minnesota Independent and MNPublius on January 28. I contacted the campaign then about the site crash, but never got a response.
The Wikileaks email also included a link to the Minnesota statute that requires entities using “data that includes personal information” to “disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of this state whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”
This disclosure, the statute states, “must be made in the most expedient time possible and without unreasonable delay …”
“The information has been passed around out of public view,” the email continues. “We have sent you this note as a curtesy [sic] in case Norm Coleman has not contacted you previously.”
In line with our policy of completely neturality for whistleblowers and political sources, the material will be treated impartially. We support all those who engage in the struggle for political reform and wish you well.
A second email includes a link to an Excel spreadsheet that shows donor names, addresses, employers, the last four digits of each credit card and the CSC security code (the spreadsheet protects the full credit card numbers, but the original database, exposed in January, didn’t). A second spreadsheet, which appears to be part of the campaign’s get-out-the-vote efforts, includes less revealing information about supporters.
Update: The Hill indicates that it’s been in contact with the Coleman campaign which aknowledged “that the private information of its supporters has probably been breached and is encouraging them to cancel their credit cards.”
Campaign spokesman Cullen Sheehan wrote in an email to supporters that that there was no “evidence that our database was downloaded by any unauthorized party,” but he doesn’t dispute the possibility that security has been breached. Several IT professionals interviewed by the Minnesota Independent in late January revealed they had downloaded the database, which was not password protected. This fact seems to contradict Sheehan’s report about findings by federal authorities looking into the case. They “did not find evidence that our database was downloaded by any unauthorized party.”
“At this point, we don’t know if last evening’s e-mail is a political dirty trick or what the objective is of the person who sent the e-mail,” he added.
More as this story develops.