March 11th, 2009

Ode to Norm

According to WikiLeaks, this is the letter sent by the Coleman campaign to their supporters who provided email addresses when they donated. See also the story on MPR’s NewsCut.

Update: Just thought I’d add a link to the original public discovery/disclosure of this issue over at But You’re a Girl.

Dear Supporter,

I’m not a supporter, thankyouverymuch.

Last evening, we began receiving emails and phone calls from donors - and non-donors - who reported receiving messages from an email address: press-office@wikileaks.org stating that they possessed information about the individual and were threatening to post that information online.

Only after noting that you became aware of the insecure configuration of your database server two months ago. [1] [2]

We immediately contacted the appropriate federal law enforcement authorities and they are aggressively investigating this matter. We take the privacy and confidentiality of our donors and supporters extremely seriously.

No, you don’t take that matter seriously. I’m very glad to not be a supporter. Oh, and be careful with notifying law enforcement, since you’re the ones who broke the law here. Not to mention your non-compliance with PCI (payment card industry) data security standards, which would prohibit storing this information in any publicly-accessible database, and most certainly prohibits storage of the CVV code from the back of your donors’ credit cards.

In January, an event occurred that made us fearful that our firewalls might have been breached. We contacted federal authorities at that time, and they reviewed logs from the server in question as well as additional firewall logs. They indicated that, after reviewing those logs, they did not find evidence that our database was downloaded by any unauthorized party.

Uh, you’re wrong, clearly. Hire a new network and security person. You might have to seek donations to pay a fair wage though…

Let me be very clear: At this point, we don’t know if last evening’s email is a political dirty trick or what the objective is of the person who sent the email. What we do know, however, is that there is a strong likelihood that these individuals have found a way to breach private and confidential information. But because of this uncertainty, and out of an abundance of caution, we have begun contacting our supporters to provide them with as much information as we currently have available.

From the descriptions, they didn’t “find a way”, you didn’t properly secure that data. The objective is most likely to get you to secure your donors’ information and comply with regulations, state and federal law.

Given the nature of this threat, if you have concerns about whether or not your credit card that was used to make a donation to the campaign has been compromised, we encourage you to contact your credit card company to cancel the card. If you have any questions, please contact us at the Coleman for Senate Campaign at (651) 645-0766. All of our donors and supporters should be assured that our campaign will work with all appropriate federal and state law enforcement agencies to take all appropriate legal action to identify the individual or individuals who may be involved in this matter and to pursue all appropriate legal action against them.

Who’s going to pursue all appropriate legal action against yourselves? Are you going to send a proper notification to your donors outlining exactly what personally identifiable information was breached? The law says you must.

Sincerely,

Cullen Sheehan
Campaign Manager

Thankfully not for long, you’re not.

  1. http://mnpublius.com/2009/01/coleman-allows-donor-and-supporter-database-to-leak/
  2. http://minnesotaindependent.com/24817/crashgate-reveals-unprotected-database-on-colemans-site

I am John T. Hoffoss. All opinions are my own. If you don't like them, let's disagree.