When Attorney General William Barr announced Monday that the U.S. had charged four Chinese military hackers in the giant Equifax hack of 2017, he also confirmed something that cybersecurity experts had long suspected: China was also behind the hack of information on some 500 million Marriott hotel guests in 2018.
Barr also mentioned the 2015 hack of the Office of Personnel Management, another major breach that included sensitive information from about 21.5 million Americans who had done work for the federal government.
In doing so, Barr publicly confirmed that China has been collecting troves of personal data on U.S. citizens for years.
Beginning around 2014, a host of American organizations that store personal identifying information were hacked, with either the government or major private cybersecurity firms attributing China’s Ministry of State Security as the culprit each time. Personal identifying information, or PII, includes names, addresses, birthdays and Social Security numbers.
Cybersecurity experts point to two likely reasons for suspecting China. First, the country's ability to process large amounts of data at scale makes megabreaches a tempting target. Second, it can be used for more traditional espionage, such as identifying people who could become intelligence assets.
China is already the most advanced domestic surveillance state in the world, keeping detailed, real-time records of citizens’ location through facial recognition and keenly monitoring social credit scores by mining data and sifting through it with the aid of artificial intelligence.
