The recent data breach affecting millions of guests of the Marriott hotel chain was reportedly the work of a Chinese cyberespionage campaign, officials have claimed.
The data breach, which was revealed last month, led to the personal information of 500m of its customers being exposed online including names, mailing addresses, phone numbers, passport numbers, dates of birth as well as credit card information.
Two officials briefed on the investigation told the New York Times that the threat actors behind the breach may be linked to China’s Ministry of State Security which is responsible for gathering intelligence.
They also said that the hackers believed to be behind the Marriott data breach were connected to cyberattacks against insurance companies as well as the theft of US security clearance files.
After details regarding the data breach were made public, a class-action lawsuit against Marriott was filed seeking $12.5bn in damages on behalf of the affected customers. While this could hurt the hotel chain’s bottom line, it would only provide $25 per customer.
However, Marriott does intend to reimburse some customers with a spokesperson for the company saying that it will pay for new passports in cases where victims of the breach can prove their passport numbers were used to commit fraud.
The hotel chain’s CEO Arne Sorenson has apologised to its customers though an apology and even possible reimbursement does not make up for the fact that they could become victims of identity fraud as a result of the data breach.
We will likely learn more once the findings of the investigation into who was behind the breach is complete.
- We’ve also highlighted the best antivirus to help keep you safe online