A massive cyberattack on the Marriott hotel chain was part of a Chinese intelligence-gathering effort, The New York Times reported on Tuesday, citing two people briefed on the preliminary results of the investigation.
An unknown attacker stole information including emails, names, addresses, passport numbers and possibly payment card information, in a slow-moving attack that lasted four years. The breach, which affected 500 million guests, was disclosed by the chain in late November, two months after it was discovered.
The Justice Department is preparing to announce new indictments — possibly within days — against Chinese hackers working for the intelligence and military services, according to the NYT, which cited government officials speaking on condition of anonymity.
The Times also reported that Washington is considering an executive order to ensure that it will be difficult for Chinese firms to obtain critical telecommunications equipment.
The latest developments in the Marriott security breach come amid flaring tensions between China and the U.S. as the two countries try to work out a trade deal, with the arrest of Chinese telecom giant Huawei’s Chief Financial Officer Meng Wanzhou in Canada raising concerns that the conflict could become more complicated.
— Correction: This article has been updated to correctly reflect the name of the Marriott hotel chain.