500 million Marriott customer data stolen – China is lead suspect

If you or anyone you know has stayed at any Marriott or Starwood hotel they should know about this. Last week they announced that their network had been infiltrated since 2014 and that the guest database of names, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and credit card information for over 500 million guests has been stolen.

BUT, this is an expansive and serious, long-term breach that is characteristic of espionage, not cyber crime. According to a new report from Reuters released just yesterday, security investigators reportedly said that the techniques and tools present in the attack mirror previous Chinese hacks.

Could it be that China has been monitoring guests to and from the hotel chain for years? Security experts say that it is likely.

Also, the techniques that connect the breach to the nation state were posted online. So it’s possible that hackers unaffiliated with Chinese espionage efforts may have used them and other countries may have been watching monitoring guests as well. Scary.