Norm Coleman Urges Donors to Cancel Their Credit Cards After Info Leaked

By Brian Bakst | March 12, 2009 | 5:20 AM EDT
St. Paul, Minn. (AP) - As Minnesota's drawn-out Senate saga took another step toward conclusion in a courtroom Wednesday, thousands of donors to Republican Norm Coleman's legal fund learned that their identities and some of their credit card information had been posted on the Internet.
In an e-mail to supporters Wednesday, the Coleman campaign said personal and credit card information of thousands of donors had been posted online. The campaign said it asked federal authorities to investigate, and it urged affected donors to cancel the cards.
The disclosure came at a bad time for Coleman, who is in the seventh week of a lawsuit challenging the recount that put his Democratic opponent, Al Franken, on top by 225 votes. A special court is nearing the end of that trial, but expensive appeals could follow.
"I think it will have a very debilitating effect" on fundraising, Coleman said outside the Minnesota courtroom. "I find it to be frightening, I find it to be scary and I'm obviously disappointed. But I am hopeful -- not confident -- that law enforcement authorities who are involved will get to the bottom of this."
A group called Wikileaks e-mailed some Coleman supporters Tuesday night to suggest that their credit card information was floating around the Internet. Wikileaks casts itself as an outlet for "untraceable mass document leaking and analysis," with a focus on exposing oppressive regimes worldwide and unethical behavior in corporations and government.
"Your name, address and other details appear on a membership list leaked to us from the Norm Coleman Senate campaign," the e-mail said.
A follow-up e-mail linked to a spreadsheet showing information for 4,715 donors, including names, addresses, phone numbers, donation amounts, partial card numbers and security codes.
The group also posted on its Web site a spreadsheet with details for 51,641 Coleman contacts, including volunteers, reporters and rallygoers. It said it would release other information "once those affected have time to be informed."
Coleman attorney Fritz Knaak and campaign manager Cullen Sheehan said the campaign became aware of a possible security breach in January, but an investigation, which Knaak said involved the U.S. Secret Service, found that no unauthorized party had accessed the confidential information.
Two Minnesota political Web sites wrote at the time about loosely guarded donor data on Coleman's Web page, but it's unclear where or when the data was publicly accessible.
One of the Wikileaks e-mails cited a blog post by Adria Richards, a Minneapolis-based technology consultant who said she read in January about the supposed breach of Coleman's site and went there herself out of curiosity.
Richards told The Associated Press on Wednesday that she quickly found private information, including a link to a database, that was accessible to anyone with a decent understanding of Web servers. She took several screen captures of the pages and posted them to her blog.
"I'm not a hacker. My goal is not to dig into other peoples' insecurities, but just to identify them," said Richards, who added that she didn't download or even open the database.
Richards said she had nothing against Coleman. "I would have done this if it was a Republican or a Democrat," she said.
Knaak said Coleman's campaign officials met to discuss the Web site after its security was questioned in January.
"We wanted to be very sure there wasn't going to be any likelihood of success," Knaak said. "Apparently we weren't successful."
Wikileaks accused the Coleman campaign of keeping the January breach secret and cited a Minnesota law that requires prompt disclosure of any breach involving personal information. Knaak said he's confident the campaign complied with the law.
Jay Lim, a spokesman for Wikileaks, said in an e-mail to the AP that "Coleman should not have kept this information" and that "his team should not have released the information out onto the open Internet for anyone to download."
Lim added that Coleman "should have informed those concerned. ... We shouldn't have had to do it for him."
Knaak said it's unclear whether Wikileaks had a hand in shaking the information loose or was merely a conduit for disseminating it. He said the campaign doesn't believe it came from an insider.
Whatever the case, Knaak warned that the data release wouldn't be taken lightly.
"If somebody did this as a lark to see what would happen, they just bought themselves a ton of trouble," he said.
In an e-mail to supporters Wednesday, the Coleman campaign said personal and credit card information of thousands of donors had been posted online. The campaign said it has asked federal authorities to investigate.