Breach, Compliance Management, Data Security, Privacy, Security Strategy, Plan, Budget

Senatorial campaign data breach documents leaked

The campaign of Norm Coleman, the Minnesota Republican senator locked in a vicious recount battle to retain his seat, told political donors on Wednesday that they should cancel their credit cards after financial information of contributors was posted online.

Wikileaks.org, a site that anonymously publishes submissions from whistleblowers, released credit card details of some 4,700 of Coleman's supporters and donors after being notified of the issue. Apparently the list had been available for download from the senator's own site in January, and the campaign never notified the victims until after it was posted Tuesday.

In an email to Wikileaks, the whistleblower said: “The citizens and donors have a right to know that their personal information was exposed.”

The email also maintained that “notification to users of such exposure of personal information is required under the Minnesota Government Data Practices Act…however, the Coleman campaign has made no attempt to contact their supporters over the issue, despite being made aware of it, and despite the database floating around the internet.”

Wikileaks said in a statement that it was notifying victims to ensure they are aware of the breach.

Cullen Sheehan, Coleman's campaign manager, on Wednesday issued a statement calling for a federal law-enforcement investigation. He said donors and non-donors -- merely supporters who had not given any credit card information to the campaign -- both had received emails stating the sender possessed information about the recipient and was threatening to post it online.

"At this point, we don't know if (Tuesday) evening's email is a political dirty trick or what the objective is of the
person who sent the email," the statement said. "What we do know, however, is that there is a strong likelihood that these individuals have found a way to breach private and confidential information."

Industry experts said Coleman's online administrator could be to blame.

“At the end of the day you need to close all the doors to your data, and protect all the doors, and you need to know who is doing what,” Adam Bosnian, VP products and strategy at identity and access management company Cyber-Ark Software, told SCMagazineUS.com Wednesday. "Once the horse has left the barn, you've lost all control of it."

Coleman has filed a lawsuit, challenging the Minnesota Canvassing Board's certification that Al Franken won November's election by 225 votes. Coleman argues that some of the uncounted absentee ballots should not have been rejected. A state court is expected to make a decision soon.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.