Chinese Hackers Are Likely Responsible For Marriott Data Breach, Reports Say Chinese state hackers most likely attacked the reservation system at Marriott's Starwood chain, revealing details of 500 million guests, according to people familiar with the U.S. investigation.
NPR logo Chinese Hackers Are Likely Responsible For Marriott Data Breach, Reports Say

Chinese Hackers Are Likely Responsible For Marriott Data Breach, Reports Say

Marriott said that for as many as 500 million guests of its Starwood network, which includes Westin hotels like this one in Philadelphia, the compromised data includes dates of birth and passport numbers. Matt Rourke/AP hide caption

toggle caption
Matt Rourke/AP

Marriott said that for as many as 500 million guests of its Starwood network, which includes Westin hotels like this one in Philadelphia, the compromised data includes dates of birth and passport numbers.

Matt Rourke/AP

As the U.S. government investigates the breach of Marriott's Starwood chain hotel reservation system, it appears Chinese state hackers are mostly likely responsible for the data breach. The information of about 500 million customers worldwide was exposed.

The New York Times, which reported the story first, and The Washington Post quote unidentified people who have been briefed on the government's preliminary findings. NPR has not independently confirmed the details provided by the papers' sources.

The Post reports that its sources "cautioned that the investigation has not been completed, so definitive conclusions cannot be drawn. But the sweep and tactics of the hack, which took place over four years before being discovered, prompted immediate speculation that it was carried out by a national government."

According to the paper, "preliminary indications show the breach was executed by hackers affiliated with the Chinese Ministry of State Security, said the people, who spoke on the condition of anonymity to reveal information not yet ready for public release. The MSS, an intelligence and security agency, has been behind many Chinese government intrusions into sensitive U.S. networks in recent years."

The hack into Marriott's Starwood is part of Chinese intelligence-gathering efforts that also hacked into health insurers and security clearance files of millions of Americans, The New York Times reports. And that the "discovery comes as the Trump administration is planning actions targeting China's trade, cyber and economic policies, perhaps within days."

The Times reports "those moves include indictments against Chinese hackers working for the intelligence services and the military, according to four government officials who spoke on the condition of anonymity. The Trump administration also plans to declassify intelligence reports to reveal Chinese efforts dating to at least 2014 to build a database containing names of executives and American government officials with security clearances."

The paper goes on to say "other options include an executive order intended to make it harder for Chinese companies to obtain critical components for telecommunications equipment, a senior American official with knowledge of the plans said."

The latest news come at a sensitive time for U.S.-China relations. The Trump administration has been working with Chinese officials to negotiate an end to the trade war.

Looming over the trade talks are legal proceedings in Canada. The U.S. requested that Canada detain Chinese tech executive Meng Wanzhou, of Huawei, the company founded by her father. The U.S. suspects Huawei of fraud involving violations of U.S. sanctions against Iran. On Tuesday she was granted bail in Canada while she awaits extradition to the U.S.

The hack into Starwood's reservation system was discovered in September and was publicly revealed last month — shortly before the U.S. began a 90-day trade truce with China that was negotiated by President Trump and Chinese President Xi Jinping in Buenos Aires, which hosted the G-20 summit.

As reported by NPR's Avie Schneider, "For 327 million of the affected guests, the compromised data includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest ("SPG") account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences."

A spokesman for the Chinese government earlier denied any knowledge of the data breach.