CREDIT CARD DATA SECURITY ISSUES RAISED ABOUT ROMNEY SUPER PAC IN WASHINGTON TIMES ARTICLE
This morning a Washington Times newspaper article raised potential data security issues with the online credit card system used by Restore Our Future, a Mitt Romney Super PAC. http://www.washingtontimes.com/news/2012/may/3/romney-super-pac-donors-put-at-credit-card-risk/.
The article detailed how the super PAC’s computer system appears to lack fundamental security methods for protecting its donors’ personal information. The PAC is raising money through online donor forms to support the presidential campaign of Mitt Romney. Apparently, anyone on the same wireless network as a donor could record that donor’s credit card number as it was being submitted. The system appears to lack proper Secure Sockets Layer (“SSL”) encryption for protecting information sent over the internet.
The potential for a data breach and release of the donors’ credit card information should raise serious concerns for the PAC’s owners. As I stated in the article, most states now have data breach and privacy statutes. The definition of a breach is generally the unauthorized acquisition of an individual’s personal information (“PI”) or a reasonable belief that such an unauthorized acquisition of the PI has occurred. In this instance, the PAC should be concerned that such an acquisition could or may have occurred. As a result of the article, the PAC spokesman stated that a secure donor page has been added to their system to ensure that the PI cannot be targeted by hackers.
This situation once again demonstrates that all businesses that collect or obtain an individual’s PI must ensure that the data is secure and, just as importantly, that their vendors are securing the data as well. Even if a breach does not occur, the publicity regarding an entity’s lack of a data security system can be just as embarrassing or costly.