Coleman campaign battling donor data leak

In a strange example of the new powers of the Internet, Norm Coleman’s Senate campaign said Wednesday that the private information of its supporters appears to have been breached.

An anonymous leaker claims to have obtained the information, including full credit card numbers, from a breach in Coleman’s campaign website in late January. The donor information was posted Wednesday on a website that protects the anonymity of leakers.

The Coleman campaign contends the leaks were politically motivated because of Coleman’s legal challenge to the 2008 Minnesota Senate election results.

But the campaign admitted that it investigated a potential breach in January. It said federal authorities found no evidence of lost data at that time. Nevertheless, it was telling supporters on Wednesday to cancel their credit cards.

Coleman backers began receiving e-mails Tuesday night from an e-mail address at Wikileaks.org stating that it possessed personal information about them and was preparing to post it online in order to prove the Coleman campaign had been breached.

The same address stated in an e-mail early Wednesday morning that “we have discovered that all on-line Coleman contributors had their full credit card details released onto the Internet on 28 of [January], 2009, by Coleman’s staff.”

Coleman’s campaign followed with an e-mail Wednesday morning that said the campaign had become worried its firewalls had been breached.

“We contacted federal authorities at that time, and they reviewed logs from the server in question as well as additional firewall logs,” campaign manager Cullen Sheehan wrote. “They indicated that, after reviewing those logs, they did not find evidence that our database was downloaded by any unauthorized party.

“What we do know … is that there is a strong likelihood that these individuals have found a way to breach private and confidential information.”

Coleman’s campaign is encouraging supporters to cancel their credit cards as a precautionary measure. It is in touch with the Secret Service, and Coleman lawyer Fritz Knaak said the agency has made the case a “high priority.”

Coleman (R) is involved in a lengthy challenge of Democrat Al FrankenAlan (Al) Stuart FrankenHarrison seen as front-runner to take over DNC at crucial moment The Hill's Morning Report - Presented by the UAE Embassy in Washington, DC - Trump, Biden clash over transition holdup, pandemic plans The Hill's Morning Report - Fearing defeat, Trump claims 'illegal' ballots MORE’s apparent 200-plus-vote win in Minnesota’s Senate race. Coleman’s Senate seat remains vacant for the time being.

Franken’s campaign was preparing to rest its case Wednesday, but Coleman’s campaign has suggested it could appeal if the court doesn’t rule in its favor.

Wikileaks.org is a watchdog website that publishes sensitive information — governmental or otherwise — mostly in the name of keeping oppressive regimes in check. To do so, the site protects those who leak the information with anonymity.

A third e-mail from the Wikileaks press office Wednesday afternoon explained that the site believed Coleman’s campaign broke Minnesota law by not initially informing its supporters of the breach. The site then provided a lengthy spreadsheet of donor information, including phone numbers and the last four digits of contributors’ credit card numbers.

Minnesota state law says a person or business must notify anyone whose unencrypted personal information has been or appears to have been compromised.

“The disclosure must be made in the most expedient time possible and without unreasonable delay,” the law says.

Knaak said the campaign was in full compliance because it contacted the Secret Service.

“We needed to have some reasonable understanding and basis, and investigate,” Knaak said. “Otherwise somebody could say, ‘Boo,’ and all of a sudden you’re spooked and everybody else is spooked too.

“We were persuaded that there hadn’t been a breach at that time.”

Knaak said the data posted to Wikileaks appears to be legitimate, though it is packaged in a different way from how it existed on Coleman’s servers. He suggested the data might have been stolen instead of breached, and that it might have occurred on a different date.

He said the leak is clearly political in nature.

The Wikileaks e-mail states that the information is being shared because of the alleged violation. A letter from the person sharing the leaked information, posted by Wikileaks, makes it clear he or she is unhappy that Coleman has continued to drag out his challenge to the results of the Senate race.

Knaak said most donors are angry at the leaker, and not the campaign.

“People are upset,” Knaak said. “They don’t seem to be upset at us, at least yet. … I think it’s having its intended effect.”

He added that the campaign was worried about its ability to continue to raise money for the court case.