Coleman campaign: 50,000 supporters had personal data leaked


Norm Coleman is dealing with a public relations disaster today as they try to control information about a potential leak of personal data from 50,000 donors, says the Associated Press.

At least 4,715 of those donors also had their financial information leaked. Those donors are being told to cancel their credit card immediately. The others just had their contact information leaked.

Coleman's campaign might be crying out against hackers, but some are saying they made this data easy to access on their site.

Check out our story from earlier today for the background. More from the AP:
"If you are trying to intimidate people who may have given money to the Coleman campaign by threatening their privacy or doing something like that, what that might have is a chilling effect on fundraising efforts by the Coleman campaign," said Fritz Knaak, a Coleman attorney.

Sheehan and Knaak said the campaign became aware of a possible security breach in January, but a probe then found that no unauthorized party had accessed the confidential information. Two Minnesota political Web sites wrote at the time about loosely guarded donor data on Coleman's Web page.

Minnesota law requires prompt disclosure of any breach involving personal information, such as credit card numbers and security codes. The custodian of the information can be fined for failing to make timely notifications, although there is an exemption when the disclosure can interfere with law enforcement needs.

Knaak said he's confident the campaign complied with the notification law. The campaign is advising donors to contact their credit card company and cancel the card at issue, but hasn't heard of misuse of any financial accounts yet.

While Coleman's team is trying to say this was some evil hacker out to destroy their supporters, others are calling them out for making the information easy to access.

Minnesota Independent spoke to the IT professional Adria Richards who was able to access the information on their site without any "hacking" involved.

"It's not hacking," she said. "I didn't use any hacking tools. A browser was my tool."

Richards said she discovered the database by entering, into OpenDNS' cache-check tool, which gave her an IP address where the Web site lived. Simply copying that address into a Firefox browser revealed the Web site directories for

"All you needed was a Web browser," she said. "It's like I walked over to Norm Coleman's house and saw his door was open, took a photo of the open door and posted it on the Internet."

She published a screen capture and then wrote about it on her blog.