March 11, 2009

Senatorial campaign data breach documents leaked

The campaign of Norm Coleman, the Minnesota Republican senator locked in a vicious recount battle to retain his seat, told political donors on Wednesday that they should cancel their credit cards after financial information of contributors was posted online.

Wikileaks.org, a site that anonymously publishes submissions from whistleblowers, released credit card details of some 4,700 of Coleman's supporters and donors after being notified of the issue. Apparently the list had been available for download from the senator's own site in January, and the campaign never notified the victims until after it was posted Tuesday.

In an email to Wikileaks, the whistleblower said: “The citizens and donors have a right to know that their personal information was exposed.”

The email also maintained that “notification to users of such exposure of personal information is required under the Minnesota Government Data Practices Act…however, the Coleman campaign has made no attempt to contact their supporters over the issue, despite being made aware of it, and despite the database floating around the internet.”

Wikileaks said in a statement that it was notifying victims to ensure they are aware of the breach.

Cullen Sheehan, Coleman's campaign manager, on Wednesday issued a statement calling for a federal law-enforcement investigation. He said donors and non-donors -- merely supporters who had not given any credit card information to the campaign -- both had received emails stating the sender possessed information about the recipient and was threatening to post it online.

"At this point, we don't know if (Tuesday) evening's email is a political dirty trick or what the objective is of the
person who sent the email," the statement said. "What we do know, however, is that there is a strong likelihood that these individuals have found a way to breach private and confidential information."

Industry experts said Coleman's online administrator could be to blame.

“At the end of the day you need to close all the doors to your data, and protect all the doors, and you need to know who is doing what,” Adam Bosnian, VP products and strategy at identity and access management company Cyber-Ark Software, told SCMagazineUS.com Wednesday. "Once the horse has left the barn, you've lost all control of it."

Coleman has filed a lawsuit, challenging the Minnesota Canvassing Board's certification that Al Franken won November's election by 225 votes. Coleman argues that some of the uncounted absentee ballots should not have been rejected. A state court is expected to make a decision soon.

Related Articles
Related Topics
Related Links
close

Next Article in News

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.