DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

More on the Coleman campaign breach (updated)

Posted on March 11, 2009 by Dissent

The Associated Press is now reporting that financial data for at least 4,700 campaign donors was posted on the internet and contact information for 51,000 others was also disseminated.  A statement from Coleman’s office indicates that there may have been a breach of the Coleman for Senate web site and that federal investigators, when contacted in January about a possible breach, had not found any evidence that there had been any breach (but see the Minnesota Independent story, below).

Wikileaks.org published the list of 4,721 donors as well as a list of 51,641 supporters and web site users with some details unredacted. Both files contain full names, addresses, and in the case of supporters, their home phone numbers. Credit card numbers were truncated, although Wikileaks.org indicates it had obtained full credit card numbers.

In a press release on the documents, Wikileaks.org  says:

Although politically interesting in their own right, the lists, which are part of an enourmous (sic) 4.3Gb database leak from the Coleman campaign, provide proof to the rumors that sensitive information–including thousands of supporter’s credit card numbers–where  (sic) put onto the Internet on January 28 as a result of sloppy handling by the campaign.

Senator Coleman collected detailed information on every supporter and website visitor and retained unencrypted credit card information from donors, including their security codes. Although made aware of the leak in January, Senator Coleman kept the breach secret, failing to inform contributors, in violation of Minnesota Statute 325E.61.

In January, Paul Schmelzer of the Minnesota Independent had reported the web site crash. A commenter, “EPIC” had posted a link to the entire database on January 28th: http://208.42.168.251/colemanforsenate.com/db/database.tar.gz (that link did not work when tested today). Today, he explains that the site was not hacked, and that IT professional IT Adria Richards uncovered the database in January by using her browser:

Richards said she discovered the database by entering normcoleman.com, into OpenDNS’ cache-check tool, which gave her an IP address where the Web site lived.

Simply copying that address into a Firefox browser revealed the Web site directories for normcoleman.com.

Richards didn’t download the database herself, but she posted a screen capture of what she’d found online after she made the discovery. An IT consultant for 10 years, she published her findings on her blog to educate others about the risks of improperly managed websites, she said.

“All you needed was a Web browser,” she said. “It’s like I walked over to Norm Coleman’s house and saw his door was open, took a photo of the open door and posted it on the Internet.”

Related:

  • Forbes Breach Email Statistics
  • Kept in the Dark -- Meet the Hired Guns Who Make…
  • WikiLeaks Publishes 5 Million STRATFOR eMails
  • United Nations, UN.org Hacked and data dumped Again
  • 800 sites hacked and defaced by Pak Cyber Pyrtes for…
Category: Breach IncidentsExposureHackMiscellaneousU.S.

Post navigation

← Sprint: Employee Stole Customer Data (updated)
Bits ‘n Pieces →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Liberty Township in Ohio has recovered its network after a ransomware attack
  • Marquette County Medical Care Facility discloses data breach
  • Industry Letter – June 23, 2025: Impact to Financial Sector of Ongoing Global Conflicts
  • MNGI Digestive Health settles class action lawsuit stemming from BlackCat attack
  • Four REvil ransomware members released after time served on carding charges
  • Why Dumping Sensitive Data on Network Shares is a Liability
  • A militarily degraded Iran may turn to asymmetrical warfare – raising risk of proxy and cyber attacks
  • Pro-Russian hackers disrupt Dutch government websites ahead of NATO summit
  • Iran-Linked Threat Actors Leak Visitors and Athletes’ Data from Saudi Games
  • UK: Oxford City Council still investigating cyberattack from earlier this month

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule
  • The Markup caught 4 more states sharing personal health data with Big Tech
  • Privacy in the Big Sky State: Montana’s Consumer Privacy Law Gets Amended
  • UK Passes Data Use and Access Regulation Bill

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.