Comments on: Breaking: Coleman’s unsecured donor database revealed on Wikileaks

By: TTNET ADSL Basvuru

TTNET ADSL Basvuru — Sat, 05 Jun 2010 06:39:38 +0000

But don’t forget, Republicans like Sen. Coleman are the ones who kept you safe from Islamofascist terrists (9/12 and after, that is; everything before that was Klintoon’s fault) and socialest Demoncrats and lieberals who want to redistribute your hard-earned wealth to furriners and to lazy losers who don’t want to work and who buy houses they can’t afford.
Teabag party

By: Privacy vs. Technology (again)

Privacy vs. Technology (again) — Mon, 23 Mar 2009 13:51:53 +0000

[...] stored and your purchasing history tracked (and perhaps sold). Or a political campaign worker can compromise your credit card information on its web site (committing numerous violations of CISP in the [...]

By: Tom Woolf

Tom Woolf — Thu, 12 Mar 2009 20:53:16 +0000

Widtap – that’s EX-Senator.

By: Smartalek

Smartalek — Thu, 12 Mar 2009 17:48:03 +0000

But don’t forget, Republicans like Sen. Coleman are the ones who kept you safe from Islamofascist terrists (9/12 and after, that is; everything before that was Klintoon’s fault) and socialest Demoncrats and lieberals who want to redistribute your hard-earned wealth to furriners and to lazy losers who don’t want to work and who buy houses they can’t afford.
Teabag party!

– A True ‘Murkin

By: NORM COLEMAN: Abyssmally Stupid Republican | culturekitchen

NORM COLEMAN: Abyssmally Stupid Republican | culturekitchen — Thu, 12 Mar 2009 16:57:42 +0000

[...] the Minnesota Independent: …scrutiny by web enthusiasts exposed a bigger problem for the campaign: an unprotected database [...]

By: Oooopsie! « Mercury Rising 鳯女

Oooopsie! « Mercury Rising 鳯女 — Thu, 12 Mar 2009 05:49:50 +0000

[...] by Phoenix Woman on March 12, 2009 – The MnIndy reports that Norm Coleman’s donor list was found on an unsecured portion of his web… The discovery was made as a result of people trying to determine if Coleman had crashed his own [...]

By: The Crossed Pond » All Norm Coleman Donors: Cancel Your Credit Cards

The Crossed Pond » All Norm Coleman Donors: Cancel Your Credit Cards — Wed, 11 Mar 2009 19:50:17 +0000

[...] never got replies, leading Wikileaks to eventually call the donors directly. Good reporting on it here, with a twist. Wikileaks claims that the Coleman campaign was aware of the breach, and has been [...]

By: Tony Webster

Tony Webster — Wed, 11 Mar 2009 16:39:06 +0000

Norm Coleman’s campaign is the only party at fault in this situation. They are the ones who actively put their entire database online for anyone to download simply by clicking a link; no hacking nor special knowledge required. This is documented on several websites back in January. So why has this taken so long to enter the public forum? Why has the Coleman campaign taken so long to give notice to their supporters that they not only released, but illegally stored their credit card information?

This release of information is not the only bad part, as it seems the parties involved with the Wikileaks disclosure actually protected the cardholder’s full credit card number. Coleman’s campaign actively violated Payment Card Industry Data Security Standards (PCI DSS) by storing the full card number and expiration date unencrypted, which isn’t permitted. Even worse, they stored the security code on the back of the card, and storage isn’t permitted in any case, for any reason, with or without encryption.

This is complicated by the political nature of the information. Donors who gave an amount small enough to avoid being reported in campaign financial reporting documents will now find that their full name, address, employer, occupation and credit card information has been published by the campaign they donated to!

This is a disgusting example of poor security, and blame needs to lie with the Coleman campaign and their web developers. Blame further lies with the Coleman campaign and their media operations for not notifying their donors that their information had been published. I say published, because the information wasn’t breached, stolen, or otherwise hacked. It was PUBLISHED and DISTRIBUTED via the Coleman website. No “federal authorities” are going to look at firewall logs when the Coleman campaign actively disclosed their own database, so who do you think should be the parties the “federal authorities” investigate? Hopefully they’ll investigate the Coleman campaign itself.

Certainly, if someone were to use the card numbers or actively distribute the card numbers, it would be a illegal and unethical. But at this point, Wikileaks and their source didn’t release full card numbers. Who knows what will happen next in that regard? If “federal authorities” found that nobody had accessed the database, which was again openly published on the Coleman website, how did Wikileaks get an Excel spreadsheet of every single web donation?

Coleman Campaign Manager Cullen Sheehan writes in a press release that there is a “…strong likelihood that these individuals have found a way to
breach private and confidential information.” Well, generally there’s MORE than a “strong likelihood” when the campaign PUBLISHES the said private and confidential information on their website!

So, what’s next? The Coleman campaign needs to admit fault, and tell donors that there’s not a “likelihood” of a breach, but that it actually happened, and that they are at fault. They need to stop blaming “hackers,” and start blaming their web developers.

I further call for the Minnesota Attorney General’s office and state authorities to investigate this matter and charge the Coleman campaign for violations of Minnesota Statute §325E.61, specifically relating to their disclosure of personal information and neglect to notify donors, or more accurately, lie about the reasons behind the disclosure.

By: Mike Keliher

Mike Keliher — Wed, 11 Mar 2009 16:30:31 +0000

That would be “Excel spreadsheet.” The data has nothing to do with our local energy company.

By: WIDTAP

WIDTAP — Wed, 11 Mar 2009 15:51:09 +0000

I find it curious that not only did Coleman campaign fail to secure the data as well an any mom & pop internet storefront would, but also that they were storing the credit card security codes. There are specific credit card industry regulations, called PCI, that call this out as a big no-no. It’s the sort of thing that can allow you bank to cancel your credit card payee clearing privileges. You can also get sued for doing this. Well, you or I could get sues. A Senator like Coleman is probably above the law and common industry regulations like the rest of us.