Norm Coleman’s legal drama took an interesting turn yesterday when Wikileaks.org posted spreadsheets of campaign databases. The spreadsheets contained redacted credit card numbers, confidential security codes, and personal contact information of supporters and contributors, all of which were left exposed after the campaign faked a website crash.
The Coleman campaign’s screw-up was revealed back in January by Adria Richards, who stumbled upon the database file while investigating whether the Coleman website crash was faked. In the video above, Adria explains how she found the database.
I had to see what all the fuss was about. Was there really an attempt to bring down the website due to political unrest with these ballots in my state? Were the allegations of a poorly coded website true?
What I got instead was a plain text listing of directories…
Wowza. As I was tooling around in the directories, I saw a database file. I thought, "That’s not right." I began taking screenshots and uploading them to Flickr. I didn’t know what the database contained but hoped there wasn’t financial information in that database. I figured it was a list of email addresses for Norm Coleman supporters and staff but I did not download it to find out.
Although Adria didn’t download the file, it was exposed for several hours before the Coleman camp fixed the breach, during which time anybody could have downloaded the database.
Why is this important?
Because the Coleman campaign broke the law.
Minnesota law makes it illegal to retain "card security code data" that are used to authenticate transactions and prevent credit card fraud. The Coleman campaign stored the "back of the card" security numbers of its donors beyond the 48-hour window allowed by the law.
The Coleman campaign may have violated another state law when it chose not to inform contributors that their personal and financial information was potentially compromised. By its own admission, the Coleman campaign was aware of the potential breach for well over a month, but didn’t feel it necessary to inform donors until yesterday.
The Minnesota Independent contacted some of the donors whose information was compromised:
Most had not heard about the breach until contacted by MnIndy. A few said they had heard by email from Wikileaks.org or the Coleman campaign. One stated that he feared a recent unauthorized withdrawal from his bank account was related to the breach.
Here is a sample of the more than 60 reactions the Minnesota Independent has received so far…
"The first I heard of the leak was in an email this morning from Coleman’s campaign. Very perturbed to say the least that this was not brought to my attention earlier." –Kelly Eull
"I had not heard about this leak from any source until your email. Which is REALLY pathetic." –Simon Thomas
"I can’t believe it. … I’m in a state of shock." –Jerry Missel
We can’t believe it either…
A reporter asked [Coleman attorney Fritz] Knaak if he thought this was a hack performed by partisan opponents. "Who else?" he asked rhetorically. "I honestly think that if this were the so-called Russian Mafia or someone else, you wouldn’t be seeing it on a Web site."