Marriott cyber attack: Hotel data breach that hit 500 million guests linked to Chinese spy agency

Trump administration plans actions targetting China's trade, cyber and economic policies in coming days

Marriott Starwood hack: booking database data compromised in cyber attack that could affect half a billion people

Support truly
independent journalism

Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.

Whether $5 or $50, every contribution counts.

Support us to deliver journalism without an agenda.

Louise Thomas

Louise Thomas


The cyberattack on the Marriott hotel chain that collected personal details of roughly 500 million guests was part of a Chinese intelligence-gathering effort that also hacked health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation.

They said the hackers are suspected of working on behalf of the Ministry of State Security, the country’s Communist-controlled civilian spy agency. The discovery comes as the Trump administration is planning actions targeting China’s trade, cyber and economic policies, perhaps within days.

Those moves include charges against Chinese hackers working for the intelligence services and the military, according to four government officials who spoke on the condition of anonymity. The Trump administration also plans to declassify intelligence reports to reveal Chinese efforts dating to at least 2014 to build a database containing names of executives and US government officials with security clearances.

Other options include an executive order intended to make it harder for Chinese companies to obtain critical components for telecommunications equipment, a senior US official with knowledge of the plans said.

The moves stem from a growing concern within the administration that the 90-day trade truce negotiated two weeks ago by President Donald Trump and President Xi Jinping in Buenos Aires might do little to change China’s behaviour — including the coercion of American companies to hand over valuable technology if they seek to enter the Chinese market, as well as the theft of industrial secrets on behalf of state-owned companies.

The hacking of Marriott’s Starwood chain, which was discovered only in September and revealed late last month, is not expected to be part of the coming indictments. But two of the government officials said it has added urgency to the administration’s crackdown, given that Marriott is the top hotel provider for US government and military personnel.

It is also a prime example of what has vexed the Trump administration as China has reverted over the past 18 months to the kind of intrusions into American companies and government agencies that President Barack Obama thought he had ended in 2015 in an agreement with Mr Xi.

Geng Shuang, a spokesperson for China’s Ministry of Foreign Affairs, denied any knowledge of the Marriott hacking. “China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law,” he said. “If offered evidence, the relevant Chinese departments will carry out investigations according to the law.”

Trade negotiators on both sides of the Pacific have worked on an agreement under which China would commit to purchasing $1.2 trillion (£961bn) more of American goods and services over the next several years, and would address intellectual property concerns.

Mr Trump said earlier this week that the United States and China were having “very productive conversations” as top US and Chinese officials held their first talks via telephone since the two countries agreed to a truce on 1 December.

But while top administration officials insist the trade talks are proceeding on a separate track, the broader crackdown on China could undermine Mr Trump’s ability to reach an agreement with Mr Xi.

US charges against senior members of China’s intelligence services risk hardening opposition in Beijing to negotiations with Mr Trump. Another obstacle is the targeting of high-profile technology executives, like Meng Wanzhou, the chief financial officer of the communications giant Huawei and daughter of its founder.

The arrest of Ms Meng, who has been detained in Canada on suspicion of fraud involving violations of United States sanctions against Iran, has angered China. She was granted bail of 10 million Canadian dollars, or $7.5 million, while awaiting extradition to the United States, a Canadian judge ruled.

American business leaders have braced for retaliation from China, which has demanded the immediate release of Ms Meng and accused the United States and Canada of violating her rights.

The International Crisis Group said one of its employees, a former Canadian diplomat, had been detained in China. The disappearance of Michael Kovrig, could further inflame tensions between China and Canada.

“We are doing everything possible to secure additional information on Michael’s whereabouts, as well as his prompt and safe release,” the group said in a statement on its website.

From the first revelation that the Marriott chain’s computer systems had been breached, there was widespread suspicion in Washington and among cybersecurity firms that the hacking was not a matter of commercial espionage, but part of a much broader spy campaign to amass Americans’ personal data.

While US intelligence agencies have not reached a final assessment of who performed the hacking, a range of firms brought in to assess the damage quickly saw computer code and patterns familiar to operations by Chinese actors.

The Marriott database contains not only credit card information but passport data. Lisa Monaco, a former homeland security adviser under Mr Obama, noted last week at a conference that passport information would be particularly valuable in tracking who is crossing borders and what they look like, among other key data.

But officials said it was only part of an aggressive operation whose centrepiece was the 2014 hacking into the Office of Personnel Management. At the time, the government bureau loosely guarded the detailed forms Americans fill out to get security clearances — forms that contain financial data; information about spouses, children and past romantic relationships; and any meetings with foreigners.

Such information is exactly what the Chinese use to root out spies, recruit intelligence agents and build a rich repository of Americans’ personal data for future targeting. With those details and more that were stolen from insurers like Anthem, the Marriott data adds another critical element to the intelligence profile: travel habits.

James A Lewis, a cybersecurity expert at the Center for Strategic Studies in Washington, said the Chinese have collected “huge pots of data” to feed a Ministry of State Security database seeking to identify American spies — and the Chinese people talking to them.

“Big data is the new wave for counterintelligence,” Mr Lewis said.

The New York Times

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in