Comments on: ‘Crashgate’ reveals unprotected donor database on Coleman’s site

By: MJB784533

MJB784533 — Wed, 25 Mar 2009 17:16:14 +0000

The question of whether the site was hacked or if any card data was published on the web is no longer the main point. This information discloses that the Coleman campaign retained the verification code numbers that are usually on the back of the card. The mere fact that they retained these code numbers is itself a violation of Minnesota law AND the agreement contracts with the credit card organizations. Forget about the possible hacking, forget about who might have done or not done it. The fact remains that the retention of these code numbers alone puts the Coleman campaign in violation of the law.

“No person or entity conducting business in Minnesota… shall retain the card security code data, the PIN verification code data, or the full contents of any track of magnetic stripe data,” says state statute 325E.64. “A person or entity is in violation of this section if its service provider retains such data subsequent to the authorization of the transaction.”

By: Privacy Lives » Blog Archive » InfoWorld: Beyond the Norm: Coleman’s data leak disaster

Tue, 17 Mar 2009 09:35:32 +0000

[...] that evening, the Independent reported Richards’ findings that an unsecured donor database was stored on the Coleman site. A few hours after that, the page containing that database was [...]

By: Aneesh

Aneesh — Mon, 16 Mar 2009 18:22:39 +0000

Why are they storing unencrypted credit card numbers?? Their webmaster or DBA has failed Security 101. Even if the database is leaked, the worst that should happen is that *encrypted* CC numbers are leaked, which don’t give away anything unless you know the encryption key (which should not be in that database).

By: Tynan on Tech » Beyond the Norm: Coleman’s data leak disaster

Tynan on Tech » Beyond the Norm: Coleman’s data leak disaster — Thu, 12 Mar 2009 20:57:19 +0000

[...] that evening, the Independent reported Richards’ findings that an unsecured donor database was stored on the Coleman site. A few hours after that, the page containing that database was [...]

By: News Day: Coleman cyber-follies / Middle class pays more /Snowing the recount / Somali youth / Cops hate Sara Jane / more « Mary Turck

Thu, 12 Mar 2009 14:42:28 +0000

[...] campaign, which violated basic on-line security procedures. The unprotected Coleman database was discovered in January, and the campaign was notified by the Minnesota Independent, which has done outstanding reporting [...]

By: Whoops

Whoops — Thu, 12 Mar 2009 07:56:01 +0000

Smooth move, VISI.

By: Sen Coleman: Leaking credit card data of 50,000+ contributers!! « The Fruit Fly

Wed, 11 Mar 2009 21:05:57 +0000

[...] indicate that people were at accessing the directory that contained this database. How do I know? There’s screenshots that [...]

By: We’ve got more drama in Minnesota than all y’all combined | Bekiyrah

Wed, 11 Mar 2009 16:14:25 +0000

[...] brought down his campaign website? Anyway, his dumb, unimpressive fake crash stunt left a database full of info on supporters/donors unprotected and free for anyone to download, including information such as unencrypted credit card [...]

By: Coleman Campaign Lying About Database, Broke Minnesota Law, Likely Will Get Fined | MNpublius.com

Wed, 11 Mar 2009 16:00:55 +0000

[...] indicate that people were at accessing the directory that contained this database. How do I know? There’s screenshots that [...]

By: thegreatsatan.com » Pure Conjecture: Franken leaking Coleman Donor Information?

Wed, 11 Mar 2009 15:39:48 +0000

[...] with a little more digging, it looks like Coleman’s IT group was just sloppy Posted by Gabriel | Filed in Corruption, Leftist [...]