Secret Service is investigating hacking of data on Coleman donors

The U.S. Secret Service is investigating how personal details on thousands of campaign contributors to Norm Coleman, enmeshed in a court battle to win back his Senate seat, were dug out of his database and posted on the Internet.

Coleman, who said campaign officials found out about the hacking late Tuesday after getting calls from donors, called the online theft "obviously an attack on my campaign" but named no suspects. His lawyer, Fritz Knaak, said that while crippling Coleman's fundraising during the election trial was an obvious reason, the campaign had no evidence that political opponents were to blame.

"This is chilling. This is frightening," Coleman said after Wednesday's trial session. "We live in a world where privacy is hard enough to maintain as it is, and what little is left we find is compromised. ... I am hopeful, not confident, that law enforcement authorities who are involved will get to the bottom."

The data posting came as Coleman, a Republican, tries to gain enough votes in the election trial to overcome the 225-vote lead that Democrat Al Franken gained in a recount.

Knaak said the campaign doesn't know how someone obtained partial credit card numbers, card security codes and other data on more than 4,700 donors who gave as little as $1 and as much as the contribution limit of $4,600. The list also included the names of Coleman supporters who hadn't contributed, he said.

Notifying people on the list

Knaak said the campaign has been contacting people on the list to let them know what happened and assure them the incident is being investigated.

"Somehow, some way, this information got out and we think that there's been an ongoing effort," Knaak said. "But again, it's early. We're relying on federal agencies and the state agency to do the follow-up. We're told this is a very high-priority investigation for them, for obvious reasons. It's really an attack on the whole system."

In January, the Secret Service and the Minnesota Bureau of Criminal Apprehension investigated a number of attempts to break into Coleman website's server. They determined the attempts were unsuccessful, Knaak said.

That month, several online publications reported that the Coleman website had crashed several times. The campaign said at the time that the site went down because of large numbers of voters seeking more information on wrongly rejected absentee ballots, while opponents said the campaign faked the crashes to fabricate support for Coleman. But some independent Web diggers reported they found the Coleman donor database unsecured for a brief time.

Knaak didn't confirm that the database had been left open then, saying only that "there might have been issues related to the availability or ability to contact the site or their interface, but we were concerned whether there were any downloads." The Secret Service told them there weren't, he said.

Coleman and Franken have spent millions of dollars on legal fees since the recount and trial began. Coleman said publication of private information "seriously undermines" the campaign's fundraising efforts.

Coleman campaign manager Cullen Sheehan has sent e-mails to supporters alerting them that an investigation was being conducted. He advised them to cancel their credit cards if they were concerned that information might be misused.

Knaak said because there wasn't evidence that hackers obtained data in January, the campaign didn't alert contributors then of the attempted breach. He said the campaign has no evidence that the information posted recently has been misused.

State law requires companies and others to promptly notify anyone if a breach in computer security caused personal information to be obtained by someone not authorized to have it. Personal information is defined as a name along with either a Social Security number, driver's license number or credit card number and security code.

kduchschere@startribune.com • 651-292-0164 pdoyle@startribune.com • 651-222-1210