Hackers Stay 8 Months at Starwood Hotels, Spy on Kentucky Hospital; IT Worker Accidentally Doxxes 6M Georgia Residents

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

Georgia Voters Accidentally Doxxed by IT Employee

Georgia Secretary of State Brian Kemp said he has fired a technology staffer responsible for the illegal disclosure of residents’ personal information.

“Our office shares voter registration data every month with news media and political parties that have requested it as required by Georgia law,” Kemp said. “Due to a clerical error where information was put in the wrong file, 12 recipients received a disc that contained personal identifying information that should not have been included.”

In October, the office released data on compact discs, including Social Security numbers and birth dates, to 12 organizations who regularly subscribe to “voter lists” maintained by the state, such as Georgia GunOwner Magazine.

The state apparently did not learn about the mess-up until 35 days later when it was served with a class-action lawsuit alleging a massive data breach.

Anyone registered to vote in Georgia is affected by the breach, some 6.2 million people.

Robbers Pounce on Payment Systems at 54 Starwood Hotels

A network breach excised customer credit and debit card data from restaurants and gift shops inside dozens of locations.

The hack attack affected, among other destinations, the Phoenician Resort in Scottsdale, Arizona, and the St. Regis Bal Harbour Resort in Bal Harbour, Florida, as well as properties part of the Sheraton, Westin and W chains.

Customer names, card numbers, security codes and expiration dates were compromised.

Clients who stayed at hotels but didn’t use restaurants or shops weren’t affected by the breach, which spanned nearly eight months.

The first intrusion occurred in November at the Sheraton Walt Disney World Dolphin hotel in Orlando. That breach lasted until April 13.

Former Chinese Journalist Leaks List of State-Censored Words

A Chinese national now living in exile in India provided Radio Free Asia – a U.S.-backed broadcaster -- a long list of what he says are sensitive terms outlawed in China.

Li Xin, former editor of the Southern Metropolis Daily’s online edition, said he took pictures of the file on the website’s internal operations system.

Some words are associated with controversial news. For example, “son”, “driver’s licence," “Beijing” and “Ferrari” were listed together, possibly due to a 2012 Ferrari crash in Beijing in which Ling Gu, son of former president Hu Jintao’s top aide Ling Jihua, was killed.

Li said reporters and editors were told to make sure the terms listed did not appear on the website during the period of time when a related incident was drawing public attention.

Ky. Community Hospital Hack Could Date Back 4 Years

Parent company OH Muhlenberg on Nov. 13 disclosed a network intrusion at Muhlenberg Community Hospital that potentially affects all patients, payment guarantors, employees and some providers since possibly January 2012.

A “limited number” of computers were infected by a keystroke-logging program designed to capture information as users typed, company officials said.

The affected computers were used to enter patient financial details and health information, data about the people responsible for a patient’s bill and employee/contractor data. The details included, among other details, telephone numbers, date of birth, Social Security number, diagnoses/treatment information, and payment card data.

The firm believes the malware also could have stolen usernames and passwords for websites users visited.