All Norm Coleman Donors: Cancel Your Credit Cards
It’s been a bad four months for the Coleman campaign, and now this. Reporting is pretty confused, but an email went out to all Norm Coleman online donors that their credit card information got accidentally posted to a public area of the site.
But that email wasn’t sent from the Coleman campaign. It was sent from wikileaks.org, which are now reposting that public information, with all but the last four digits of the credit card numbers redacted.
Norm Coleman’s Senate campaign said Wednesday that the private information of its supporters has probably been breached and is encouraging them to cancel their credit cards.
Coleman backers began receiving e-mails Tuesday night from an e-mail address at wikileaks.org stating that it possessed personal information about them and was preparing to post it online.
The same address stated in an e-mail early Wednesday morning that “we have discovered that all on-line Coleman contributors had their full credit card details released onto the Internet on 28 of [January], 2009, by Coleman’s staff.”
Coleman’s campaign followed with an e-mail Wednesday morning that said the campaign became worried that its firewalls had been breached in January.
“We contacted federal authorities at that time, and they reviewed logs from the server in question as well as additional firewall logs,” campaign manager Cullen Sheehan said. “They indicated that, after reviewing those logs, they did not find evidence that our database was downloaded by any unauthorized party.
“Let me be very clear: At this point, we don’t know if last evening’s e-mail is a political dirty trick or what the objective is of the person who sent the e-mail.
What’s hairy about this for Coleman is that, despite the above “well maybe it was wikileaks that was behind it?” allusion, it was actually wikileaks that informed the donors (and they didn’t pull their emails out of thin air). In fact, from what it looks like, it was the Coleman campaign that screwed up, way back in January, and since that time Wikileaks discovered it, and sent out emails to the Coleman campaign that never got replies, leading Wikileaks to eventually call the donors directly. Good reporting on it here, with a twist. Wikileaks claims that the Coleman campaign was aware of the breach, and has been aware of the breach, since January, and that…
The Wikileaks email also included a link to the Minnesota statute that requires entities using “data that includes personal information” to “disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of this state whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.”
This disclosure, the statute states, “must be made in the most expedient time possible and without unreasonable delay …”
“The information has been passed around out of public view,” the email continues. “We have sent you this note as a courtesy in case Norm Coleman has not contacted you previously.”
If that’s the case, Coleman’s campaign might actually be legally liable, and it was Wikileaks that was working to protect the public. At least that’s what it looks like.