Norm Coleman campaign officials didn't notify contributors after their database was briefly opened in January because no significant information had been downloaded and they didn't want to unnecessarily chill fundraising efforts, a Coleman lawyer said Thursday.
But the campaign may have broken a state law that requires prompt disclosure of a security breach, a law professor said.
Coleman attorney Fritz Knaak said campaign officials knew personal information for thousands of Coleman supporters had been exposed, but the campaign had "a high degree of confidence" that nothing important had been lost after a thorough investigation by the U.S. Secret Service.
As a result, he said, the campaign didn't want to play into the hands of hackers who might have sought to discourage donations to Coleman.
But Hamline University law Prof. David Schultz said if the breach happened in January, Coleman had "an affirmative duty to ... notify the donors." The database contained credit card numbers and security codes for 4,700 donors, also potentially putting the campaign in violation of a state law that bars businesses from hanging on to such information after a transaction, Schultz said.
Feds investigating
Coleman officials said Wednesday the Secret Service is investigating the posting this week of campaign databases by Wikileaks, a website that specializes in disclosing confidential government information. Efforts to reach someone there failed.
Coleman and his lawyers have accused political foes of breaking into the website, while others have said the breach was the campaign's fault for sloppy website maintenance.