InfoWorld delves into the recent scandal where former Minnesota Sen. Norm Coleman’s donors’ personal data was exposed to the general public. The reporter finds Coleman’s response was disastrous for donors and the politician’s reputation.
Some 4,700 unlucky donors to the Coleman senate campaign have had their credit card numbers leaked on the Internet, and another 51,000 supporters got their names, addresses, e-mail, and passwords exposed. The data has been out in the wild for at least six weeks, and now that Wikileaks has gotten its fingerprint-free hands on them, everybody can have at it.
The key culprits? Why, the Coleman campaign itself. And therein lies a tale.
News of the wide-open database first hit the Net on Jan. 28, thanks to a Minneapolis-based consultant named Adria Richards, who posted a screen shot of the open Colemanforsenate.com directory on Flickr. She details the process of how she found the open database (in less than two minutes) on herBut You’re a Girl blog. (She says, however, that she did not download it.) […]
Later that evening, the Independent reported Richards’ findings that an unsecured donor database was stored on the Coleman site. A few hours after that, the page containing that database was suddenly password protected.
But the Coleman campaign didn’t bother notifying any of its supporters that their data had been exposed on the Net. (Which, as this Wikileaks page notes, may be a violation of Minnesota state law.)
[Whistleblower site Wikileaks.org got a copy of the databases, warned the donors that their data was about to be published, then put most of the database info online.]
The Coleman crew immediately begins shrieking about being hacked, political dirty tricks, and federal investigations into nefarious acts of espionage. (Though, as Richards notes, the only “hacking” tool she needed to find all this information was Google.) Their official response also included this gem: “We take the privacy and confidentiality of our donors and supporters extremely seriously.”
But not quite seriously enough to a) keep their unprotected confidential data off the Net, or 2) tell anyone after they knew the data was exposed.