A Chinese intelligence-gathering effort was behind the massive Marriott hotels data breach that exposed the personal information of up to 500 million people, The New York Times reported Tuesday.
The hackers are believed to have been working for China's Ministry of State Security, The Times reported, citing sources who had been briefed on the investigation's preliminary results. The revelation emerges as the US Justice Department is preparing to announce new indictments against Chinese hackers working for the intelligence and military services, The Times reported.
The hotel chain revealed last month that it had discovered thatof its Starwood division, whose brands include Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft and St. Regis. Marriott said some of the stolen information also included payment card numbers and expiration dates.
Private investigators involved in a probe into the breach had, techniques and procedures that were used in earlier cyberattacks that have been linked to Chinese hackers.
A Marriott spokeswoman said it had "no information about the cause of this incident" and hadn't speculated about the attacker's identity.
The investigation's findings come amid an already precarious relationship between the US and China over trade talks. Earlier this month, a top executive at Chinese telecommunications giant Huawei was arrested in Canada at the behest of US authorities who accused her of deceiving financial institutions, putting them in a position to violate sanctions against Iran.
Marriott is just the latest in a long and growing list of companies to announce that personal data they had collected on their customers has been stolen. Last month, Hong Kong airlinea data breach affecting 9.4 million customers. In September, that data for 50 million of its users had been put at risk. This also comes a year after the in which hackers stole personal information for 147.7 million Americans.
CNET's Holiday Gift Guide: The place to find the best tech gifts for 2018.
Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.