Overcast 		22°F   Wind Chill: 11°F
Overcast
 
LOCAL NEWS

Coleman urges donors to cancel credit cards after purported data breach


Norm Coleman at the Senate recount trial in St. Paul
Share
Updated: 11 months ago
 Advertisement

ST. PAUL, Minn. -- If you donated online to Norm Coleman's 2008 Senate campaign, or his recount efforts, you should call and cancel the credit card you used to make that donation.

That was the simple advice from the Coleman campaign on Wednesday, which hurried to notify donors of an apparent security breach in the computer server where the private information of online contributors is stored.

That breach, which most likely occurred January 28th of this year, became more obvious Wednesday afternoon when lists of those donors and partial credit card numbers popped up on the Internet.

"I can't tell you how it pains us to have to tell people that," Coleman recount attorney Fritz Knaak told KARE, "But obviously that's the whole idea, that kind of infliction of harm on our relationship with contributors and supporters is exactly what's intended by this."

Coleman's campaign manager Cullen Sheehan said the Secret Service is investigating the incursion into the data server, which housed a database 4,700 donors.  He said it had been compromised most likely by hackers stealing the information via the Internet.

The stolen information included credit card numbers and purchase security codes, in addition to the names, phone numbers, addresses, e-mail addresses and occupations of the givers.  

On the web already

By Wednesday afternoon the list had been posted on a political website known as WikiLeaks, which is run by a nonprofit group with the stated goal of creating a "uncensorable Wikipedia for untraceable mass document leaking and analysis."

The downloadable spreadsheets listed the donors' credit card types, but only 12 of the 16 digits in the credit card number. It wasn't enough by itself to commit fraud, but it was offered as proof  that the information is quite possibly in the wrong hands.

The Internet thieves also took a database of 51,000 others identified as supporters, which included even journalists who subscribed to the campaign's electronic newsletters. That list was also posted as a downloadable document on the site.

WikiLeaks did not explain how it came to possess the data, but apparently used the donors' information to tip them off about the breach.

Dozens of Coleman faithful on Tuesday night received e-mails from WikiLeaks informing them,"Your name, address and other details appear on a membership list leaked to us from the Norm Coleman Senate campaign."

Political attack alleged

The document leaking site claims to have a "primary interest is in exposing oppressive regimes" around the world, but the Coleman campaign sees it as a blatant attack on the former Senator's ability to raise money for the current election contest trial in Saint Paul.

"We believe this is a politically motivated attack," Knaak remarked, "We believe it's a basically an assault on the whole political system essentially."

The Senator himself, in a brief statement to reporters after Wednesday's court session, echoed that sentiment.

"I think it will have a very debilitating effect," he told reporters, "I find it to be frightening, I find it to be scary and I'm obviously disappointed."

Coleman said he's confident the Secret Service will solve the case and punish those who are behind it. That agency, part of the U.S. Department of Treasury, was already investigating an attempted invasion of Coleman's servers.

Click here to read the full statement from the Coleman campaign

Connected to January crash

When Coleman's campaign website crashed January 28th, his staff became concerned someone was trying to hack into it.  The initial assessment was that the hackers had failed, according to Knaak, and that's why the campaign didn't alert donors at the time about any credit card security concerns.

"The Secret Service did a forensic lab evaluation of the server itself, of the logs, " Knaak explained, "And they indicated to us it did not appear that any download had occurred at all, although people had tried."

The data posted on the web is current as of January 28th, according to WikiLeaks, leaving the impression the data was copied at the time of the crash.   How difficult it was to grab the data remained in question Wednesday night.

The WikiLeak e-mail quoted a blog by Minneapolis technology consultant Adria Richards, who said she quickly reached private information on Coleman's website in January after she read about the site crashing because of an attempted breach.

She posted freeze frames of what she found on her blog, but said she didn't download the database or try to open it.

"I'm not a hacker," Richards told the Associated Press, "My goal is not to dig into other peoples' insecurities, but just to identify them." 

By John Croman, KARE 11 News

(Copyright 2009 by KARE. All Rights Reserved.)   

(Copyright 2009 by The Associated Press. All Rights Reserved.)

Check out our KARE family of Web sites:
  takeKARE   Metromix
  Moms Like Me   Minnesota Bound
  Showcase Minnesota    


Advertisement
Video

MORE HEADLINES

Target pulls Valentine's toys over lead concerns 40 mins ago
Snow forces Mpls. to limit street parking 1 hr ago
Swappin' ski gear for swimsuit: Vonn dresses down for SI 2 hrs ago
Bush is back... on Minn. billboard, anyway 2 hrs ago
Mn/DOT keeps an eye on the roads 2 hrs ago
Find out Olympics programming for each night 3 hrs ago
Capitol coalition aims to make streets safe 5 hrs ago
Train derails in Wisconsin, no one injured 6 hrs ago
Remember when snow was fun? These students do! 6 hrs ago
Coalition-backed bill aims to make streets safer 8 hrs ago
Advertisement

       

8811 Olson Memorial Hwy, Minneapolis, MN 55427
KARE-11 is a Division of Multimedia Holdings Corporation ©1998-2010 KARE-11 All Rights Reserved