A Chinese intelligence-gathering effort is reportedly behind the massive cyberattack on a Marriott hotel chain, which exposed the personal information of up to 500 million customers.
Two people briefed on the preliminary investigation told the New York Times the hackers are believed to have been working on behalf of the Ministry of State Security. And while U.S. intelligence agencies have not officially determined who performed the hack — one of the largest data breaches ever — a group of firms brought in to asses the damage immediately spotted code and pattern similar to those used in previous operations by Chinese actors.
The same Chinese efforts were also reportedly behind hacks on health insurers and other hotels as well as the security clearance files of millions of Americans, The Times reported.
The revelation emerged as the Trump administration mulls targeting China’s trade, cyber and economic policies. What’s more, the Justice Department is gearing up to announce new indictments against Chinese hackers working for the intelligence and military services, according to government officials speaking on the condition of anonymity.
Geng Shuang, a spokesman for the Chinese Ministry of Foreign Affairs, denied any knowledge of the Marriott hack.
“China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law,” he told the Times. “If offered evidence, the relevant Chinese departments will carry out investigations according to the law.”
He added: “China is one of the major victims of threats to cybersecurity including cyberhacking.”
Marriott revealed in November that a cyberattack compromised the guest reservation database of its Starwood division — a group of hotels it purchased for $13 billion in 2016, including the Sheraton, St. Regis, Westin and W hotels.
Hotel officials first became aware of the breach in September and immediately launched an investigation, which uncovered unauthorized access to the Starwood network since 2014.
For millions of guests, the exposed information includes their names, phone numbers, email addresses, genders, passport numbers, date of birth and arrival and departure information. For others, it also includes payment information and card expiration dates, while some only had their name and mailing address stolen.
An investigation into the breach is ongoing and the FBI continues to track the situation.
A Marriott spokesperson said their priority is “how we can best help our guests” and that they “have no information about the cause of the incident, and we have not speculated about the identity of the attacker.”
