China blamed for Marriott International data breach

Hacking tools used to purloin 500 million records point to China's Ministry of State Security, claim US officials

The finger of blame for the data breach at the Marriott International hotels group has been pointed at China's Ministry of State Security.

That's according to officials cited by the New York Times, which claims that it was part of an intelligence gathering exercise.

The attack revealed at the end of November targetted the Marriott's Starwood Hotel brand, with details of some 500 million customers affected, including their passport details.

The link was made, the article suggests, via the kind of tools and techniques used by the attackers to compromise Marriott's systems, although the newspaper didn't provide much in the way of firm evidence to back-up its claims.

The New York Times claimed that both the US government and security companies believed from the start that the attack was part of a broader spy campaign, either to glean US citizens' personal data or data about Chinese nationals in the US.

"The Chinese regard intrusions into hotel chain databases as a standard kind of espionage. So does the US, which has often seized guest data from foreign hotels," claimed the New York Times.

However, it is not the first time that Marriott has displeased China's increasingly authoritarian government, headed by supreme-leader-for-life President Xi Jinping.

In January 2018, the hotel chain was forced to issue a statement that it did not "support separatist elements" in China. That came after it sent out a customer survey listing Tibet, which has been occupied by China since 1951, and Taiwan, which emerged as an independent country following China's Communist revolution in 1949, separately from China.

However, China, has always refused to recognise Taiwan's de facto independence, while enforcing an especially repressive regime on Tibet, as well as the region of Xingjiang in north-western China.