The hackers behind that data breach at Marriott International may have been working for the government of China as part of an intelligence-gathering effort, reported Reuters.
Citing three sources familiar with the matter, Reuters reported that private investors looking into the breach, which started four years ago and exposed the data of as many as 500 million Starwood hotel customers in the reservation system, found hacking tools, techniques and procedures that were used in past attacks attributed to Chinese hackers. That implies Chinese hackers could have been collecting information for spying purposes, not for financial gain. The sources noted that although China is viewed as a lead suspect in the hack, there is a chance that someone else pulled it off — others have access to the same hacking tools. What’s more, Reuters noted that pinpointing the person or government behind the hack could be more difficult because multiple hacking groups may have been inside the Starwood reservation system since 2014.
Speaking in Beijing, Chinese Foreign Ministry spokesman Geng Shuang declined to comment directly on Marriott hack, but Reuters quoted him as saying that China opposes any type of hacking. “If the relevant side has any evidence, they can provide it to the Chinese side, and relevant authorities will investigate in accordance with the law,” he told a daily news briefing. “But we resolutely oppose gratuitous accusations when it comes to internet security.” Marriott spokeswoman Connie Kim declined to comment, saying “We’ve got nothing to share,” when asked about involvement of Chinese hackers, noted Reuters.
If the private investigators can prove China was behind the Marriott hack, it could make a tense relationship between the White House and Beijing even worse. The two countries are embroiled in a tariff dispute amid accusations on the part of the U.S. that China engages in espionage and steals trade secrets from U.S. companies.
In what may be among the largest data breaches in history, Marriott International said Friday morning (Nov. 30) that as many as 500 million guests’ data was accessed, tied to a breach of the Starwood hotel guest reservation database. As reported by NBC and other sites, the firm said that an alert was raised in September from an “internal security tool” that such access to guests’ information had been attempted. A subsequent investigation revealed that the unauthorized access had been ongoing since 2014 – and that unauthorized parties had been able to copy and encrypt information that in November was found to have resided in the aforementioned Starwood database.