Marriot Data Breach Investigation Points to Chinese Cyberespionage Team of Hackers

Last updated September 17, 2021
Written by:
Bill Toulas
Bill Toulas
Infosec Writer
Image Credits: Nashville Marriott at Vanderbilt University

According to New York Times, the investigation of the Marriot data breach has yielded its first reliable results, and the finger points to a Chinese team of hackers who are very possibly working for the Chinese Ministry of State Security.

This revelation is very serious, as it basically means that the Chinese national spy agency was behind the cyber-attack and the subsequent collection of the personal details of about 500 million guests. The hacking was actually conducted in Starwood’s database in 2014, a hotel brand that was acquired by Marriott in 2016. Marriott is the top hotel provider for the American government and military personnel so the database had an exceptional value for the Chinese Ministry of State Security. The personal details that leaked include guest names, email addresses, phone numbers, passport numbers, dates of birth, Starwood guest account information, and payment card data.

Marriott, who discovered this leak in September and disclosed it to the public only two weeks ago, asks for a compensation of $12.5 billion on behalf of their 500 million guests, corresponding to $25 per customer. Through an official statement by their CEO, Arne Sorenson, Marriott promises to fund the bill for issuing new passports for their victim customers. This reimbursement will not restore the lost trust to the hospitality company, but it is a move in the right direction at least.

The results of the investigation come at a time of high tension between the US and China, with things being at risk of getting out of hand. Database intrusions, system hacks, data thefts, and violation of embargo agreements are included in the menu, with the Trump administration being in a constant process of planning and imposing retaliative measures against China. The Ministry of Foreign Affairs of China has denied any knowledge of the involvement of government agents to the Marriott hacking, stating through a spokesperson that: “China firmly opposes all forms of cyberattack and cracks down on it in accordance with the law. If offered evidence, the relevant Chinese departments will carry out investigations according to the law.”

Of course, this is hardly convincing as according to the investigators’ report, the same group of Chinese hackers is thought to be behind cyber-attacks against health insurers and US security clearance databases. Roughly a month ago, US convicted two Chinese intelligence officers who allegedly led their corresponding teams of hackers working for the Jiangsu Province Ministry of State Security. This proves that it is not the first time that an employee of the Ministry of State Security will be found guilty of cyber security attack and data theft charges.

Where do you stand on the matter? Feel free to share your opinion on the comments section and don’t hesitate to visit our social pages on Facebook and Twitter to get to know what else is going on in the world of tech.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: