Comments on: Coleman campaign may have violated law in database breach

By: APoliticsNow!» Blog Archive » Senate Guru: Where the Minnesota Senate Race Stands

Sat, 14 Mar 2009 04:54:45 +0000

[...] funnelling money to his wife’s company. Further, Coleman now faces a possible legal battle over whether his campaign broke the law when they did not inform Coleman donors of the possible breach in online security (due to the [...]

By: J Kline

J Kline — Fri, 13 Mar 2009 16:45:55 +0000

Well;…. DUH!!!!! I doubt though it carries the weight of HEPA or SOX compliance though. So maybe the only outcome from this *might* be the termination of the head of IT for his campaign. Big deal. Given all the hyped stories about who done what, when, especially the finger pointing at Coleman saying this was all fabricated, who is working to “forensically” break this down including a time line, so that if there could be a suit, it happens?? No matter who is responsible, posting of names and credit card numbers and such online should be a felony.

By: News Day: Coleman campaign circus / “Don’t do anything embarrassing” / Water bill / Recount and more « Mary Turck

Fri, 13 Mar 2009 15:17:17 +0000

[...] its own promise to donors not to store their credit card numbers; the Coleman campaign probably violated MN law by not notifying donors of the security lapse back in [...]

By: Tim

Tim — Fri, 13 Mar 2009 14:36:34 +0000

I expect that Friz Knaak will see to it that Coleman spends as much time in jail as the law allows. Maybe Normy can bunk with whoever Knaak says “hacked” into the site.

By: Tony Webster

Tony Webster — Thu, 12 Mar 2009 20:56:22 +0000

Yes, storing the card security code/CVV number is not only against Minnesota Statutes, it’s also against the Payment Card Industry Data Security Standards, which the Coleman campaign would have to agree to in order to accept cards. They are liable under Minnesota law for any costs associated with the replacement of the cards, and further liable for any civil suits for anyone who had their information published by the Coleman campaign. Any of the four major companies could discontinue their agreements with the campaign and impose fines for what they did.

It’s one thing if there’s encrypted card numbers and expiration dates and it gets out, it’s another thing if they’re unencrypted, but it’s absolutely ridiculous that they even stored the CVV codes, encrypted or not! That is a disgusting violation of the security of donor credit cards, and there’s absolutely no reason the campaign should have done it.

It sounds like Coleman donors are starting to understand that this wasn’t political and it’s not vicious. It’s about their financial security. Coleman failed to notify donors for over a month, and there have been many blog comments from donors that have actually had to cancel their card already due to unauthorized transactions appearing on their accounts. It was only a matter of time before the major card issuers, Visa especially, would connect the dots and realize that all of these unauthorized transactions have something in common: the cardholders all donated to Coleman!

Coleman attorney Fritz Knaak is really confused if he doesn’t understand what his campaign has done and will likely pay for.

By: Safron

Safron — Thu, 12 Mar 2009 20:02:18 +0000

I wonder how many other businesses retain the security codes. The codes are totally worthless as an additional layer of security if they are stored right along with the card numbers. Hopefully there are consequences for this.

By: Ralph Kramden

Ralph Kramden — Thu, 12 Mar 2009 19:33:05 +0000

As well as being a violation of law, isn’t it also a violation of the agreement w/ the credit card company to retain those security codes?