Report: Clues Suggest Chinese Hackers Behind Marriott Breach

Clues left behind in the Marriott data breach suggest that the hackers might be intelligence officers backed by the Chinese government.

According to a new report by Reuters, officials investigating the vast breach of customer data say the the Marriott hackers used "tools, techniques and procedures previously used in attacks attributed to Chinese hackers." Marriott disclosed the massive data breach on Friday, estimating that up to 500 million customers could have had their personal information copied and encrypted into a database by the hackers over the course of four years.

That stolen information mostly includes“some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preference,” Marriott said. An undisclosed amount of customers' payment card information was also taken and possibly unencrypted.

China is now the lead suspect in the breach, the sources familiar with the investigation told Reuters. But, it is possible that another group of hackers used the same techniques attributed to Chinese agents, because their tactics are posted online and accessible for others to utilize. In fact, the same source said that multiple hacking entities could have accessed the Starwood database during the same time period, which began in 2014.

Starwood merged with Marriott earlier this year to create the world's largest hotel chain.

In addition to contacting customers affected by the breach, Marriott said it would pay for new passports for its guests that could prove their passport numbers had been used to commit fraud. For more information on protecting data that could have been compromised in the breach, see this article.