Chinese state hackers reportedly responsible for data breach affecting 500 million customers at Marriott, the US government's biggest hotel provider

Justin Sullivan/Getty ImagesMarriott said it suffered a data breach that affected 500 million customers. A sign in front of a Marriott hotel in 2015 in San Francisco.
  • The Marriott hotel group announced a major data breach that affected 500 million customers.
  • US investigators reportedly believe Chinese state hackers are behind the attack, which began four years ago.
  • Marriott is the top hotel provider to the US government and military personnel.
  • The data breached included credit card details and passport numbers.
  • China has reportedly been trying to build a database containing US government officials’ personal information.
  • Beijing has denied involvement in the attack.

US investigators have reportedly traced the massive data breach on Marriott customer data to Chinese hackers, a move that will likely exacerbate ongoing US-China economic tensions.

The hackers are suspected of working for the Ministry of State Security, the country’s intelligence agency, The New York Times and the Washington Post reported Tuesday night.

The Post’s sources warned against making definitive conclusions on the attack, as the investigation was still ongoing, but said the methods of the hack suggested it was state-sponsored. Private investigators also identified the techniques as those previously used in attacks attributed to Chinese hackers, Reuters reported.

Marriott, which operates more than 5,800 properties in more than 110 countries, says it is the top hotel provider to the US government and military personnel.

The hotel chain announced in late November that about 500 million customers had their personal data breached in the attack, which began four years ago.

About 327 million of them had information like their name, phone number, and passport number taken, while an unspecified number had their credit card details taken.

The Trump administration has been planning to declassify US intelligence reports that show China’s efforts to build a database with the names of US government officials with security clearances, the Times reported.

People involved in the company’s private investigation into the breach also said the hackers may have been trying to collect information for China’s spy agencies, rather than for financial gain, Reuters reported.


Read more:
A senior US intelligence official warned that Chinese hacking is on the rise

Trump xi g20 2017Mikhail Svetlov/Getty ImagesUS-China tensions over trade and cyber policies are mounting. Here, Chinese President Xi Jinping and US President Donald Trump at the 2017 G20 summit in Hamburg.

Passport numbers, which are not usually collected in data breaches, may have been a particularly valuable discovery for the hackers, the Post said.

Beijing has denied responsibility for the attack.

Geng Shuang, a spokesman for the country’s foreign ministry, told reporters last week: “China firmly opposes all forms of cyber attack and cracks down on it in accordance with the law. If offered evidence, the relevant Chinese departments will carry out investigations according to the law. We firmly object to making groundless accusations on the issue of cyber security.”


Read more:
500 million Marriott customers have had their data hacked. Here’s what you should do instead of freaking out.

Tiananmen square security surveillance cameras ChinaEd Jones/AFP/Getty ImagesChina is reportedly building a giant database on US government officials. Here, security cameras look out over Tiananmen Square in Beijing.

Reports of Beijing’s involvement in the Marriott breach comes amid mounting tensions between the US and China over trade tariffs and cyber policies.

Washington has been planning to issue a series of measures that include indictments and possible sanctions against Chinese hackers, The Times and Post both reported.

Beijing is currently reeling over the arrest of Meng Wanzhou, the CFO of Chinese telecom giant Huawei and the daughter of the company’s founder, over her alleged involvement in Iran sanction violations.

She was granted bail at $US7.4 million while she awaits a hearing for extradition to the US. Last week, Beijing summoned the US ambassador to China and warned of “grave consequences” if Meng was not released.

Business Insider Emails & Alerts

Site highlights each day to your inbox.

Follow Business Insider Australia on Facebook, Twitter, LinkedIn, and Instagram.