China has been linked to a hack on the Marriott hotels giant and its Starwood reservation system — one of the world’s largest-ever data breaches, Reuters said in an exclusive report.
Marriott revealed last week that the hacking of its reservation system had exposed the personal and financial data of 500 million guests around the world over the last four years.
The compromised information more than likely includes details of Irish business travellers and tourists at the group’s hundreds of properties around the world, as well as the two hotels the group owns in the Republic.
Marriott had warned that the hackers could have had access to personal details, including names, passport numbers, mailing addresses, phone numbers, email addresses, date of birth, gender, arrival and departure information, reservation dates, and communication preferences.
The scale of the attack had raised suspicions last week over the involvement of a foreign government.
Reuters has now reported that private investigators looking into the breach have found hacking tools, techniques, and procedures previously used in attacks attributed to Chinese hackers.
It cited three unidentified sources.
The Irish Data Protection Commission confirmed this week it was also looking into the breach.
Marriot also own The Westin hotel in Dublin.
Reuters reported that identifying the culprit was further complicated by the fact that investigators suspect multiple hacking groups may have simultaneously been inside Starwood’s computer networks since 2014, citing one of the sources.
Speaking in Beijing, Chinese Foreign Ministry spokesman, Geng Shuang, declined to comment directly on the data issue, but said China strongly opposed any form of hacking, Reuters has reported.
“But we resolutely oppose gratuitous accusations when it comes to internet security,” he added. While China has emerged as the lead suspect in the case, the sources cautioned it was possible somebody else was behind the hack because other parties had access to the same hacking tools, some of which have previously been posted online, Reuters reported.