Skip to Content
Computing

The US suspects Chinese state hackers are behind the Marriott hotel data breach

December 12, 2018

US officials believe the attack on Marriott’s Starwood hotel group could be part of a wider Chinese government effort to root out American spies.
 
The news: According to the New York Times, US officials suspect the recently disclosed attack on Marriott’s Starwood hotels chain, which involved the theft of personal details of 500 million guests, was part of a broader intelligence-gathering effort by Chinese spies. They are also believed to have been involved in stealing data from health insurers and in the breach in 2014 of a US government agency that holds personal information given to obtain security clearances. A spokesman for China’s Ministry of Foreign Affairs told the New York Times that China "firmly opposes all forms of cyberattack" and denied any involvement in the hack.
 
The hackers: The US suspects the hackers work on behalf of China’s Ministry of State Security, and that they’re part of a massive data-mining exercise designed to identify American spies and Chinese citizens who work for them. Data from US security-clearance forms would be especially useful for this task, as would information about travel patterns. The Marriott group is the biggest hotel provider for US government and military personnel. 

The bigger picture: The US is now preparing to indict Chinese hackers, according to the paper’s sources. If it does so, it will further strain US-China relations at a time when the two countries are locked in a bitter trade battle. Tensions have already risen since the recent arrest in Canada of Meng Wanzhou, the CFO of Huawei, a giant Chinese telecom company. The US, which believes Huawei poses a cybersecurity threat, has requested her extradition to face charges related to an alleged breach of US sanctions on Iran. China has accused the US and Canada of violating Meng’s civil rights and demanded her release. In an interview with Reuters yesterday, President Donald Trump indicated he could personally intervene in the case if this would serve US national security interests or help close a trade deal with China.
 

Deep Dive

Computing

Everything dies, including information

Digitization can help stem the tide of entropy, but it won’t stop it.

What’s next in cybersecurity

“When it comes to really cutting off ransomware from the source, I think we took a step back.”

Moving money in a digital world

Security is the critical element to expanding digital-first payments.

Cyber resilience melds data security and protection

Organizations face pervasive and sophisticated cyberattacks, but modern data protection techniques can provide a multifaceted defense.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.