BERLIN, GERMANY - JUNE 22: In this photo Illustration hands typing on a computer keyboard on June 22, 2016 in Berlin, Germany. (Photo Illustration by Thomas Trutschel/Photothek via Getty Images)
BERLIN, GERMANY - JUNE 22: In this photo Illustration hands typing on a computer keyboard on June 22, 2016 in Berlin, Germany. (Photo Illustration by Thomas Trutschel/Photothek via Getty Images)
PHOTO: Thomas Trutschel/Photothek/Photothek via Getty Images
Now playing
01:38
These are some of the most notorious data breaches
This photo taken on August 4, 2020 shows Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, using his computer at their office in Dongguan, China
This photo taken on August 4, 2020 shows Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, using his computer at their office in Dongguan, China's southern Guangdong province. - From a small, dingy office tucked away in an industrial city in southern China, the Red Hacker Alliance -- one of China's most well-known patriotic "hacktivist" groups -- maintain battle in the country's nationalistic online war. (Photo by NICOLAS ASFOURI / AFP)
PHOTO: NICOLAS ASFOURI/AFP/AFP via Getty Images
Now playing
04:22
Analyst explains why hospitals are vulnerable to hackers
cybercrime, hacking and technology concept - male hacker in dark room writing code or using computer virus program for cyber attack; Shutterstock ID 1083511010; Job: -
cybercrime, hacking and technology concept - male hacker in dark room writing code or using computer virus program for cyber attack; Shutterstock ID 1083511010; Job: -
PHOTO: Shutterstock
Now playing
02:24
Remote work leads to growing concerns over cybersecurity
PHOTO: CNN
Now playing
05:14
A hacker stole $1 million from him by tricking his cell phone provider
SocialProof Security CEO Rachel Tobac uses social engineering to hack CNN tech reporter Donie O
SocialProof Security CEO Rachel Tobac uses social engineering to hack CNN tech reporter Donie O'Sullivan's accounts.
PHOTO: Graphics: John General/CNN
Now playing
04:35
Watch how a social engineering hack works
CNN Business
CNN Business' reporter Donie O'Sullivan ran his photo through Clearview AI's software during a demo at CNN's studio.
PHOTO: John General/Richa Naik/CNN
Now playing
02:33
Is this facial recognition app going too far? We tested it
Fiber optic cables feed into a switch inside a communications room at an office in London, U.K., on Monday, May 21, 2018. The Department of Culture, Media and Sport will work with the Home Office to publish a white paper later this year setting out legislation, according to a statement, which will also seek to force tech giants to reveal how they target abusive and illegal online material posted by users. Photographer: Jason Alden/Bloomberg via Getty Images
Fiber optic cables feed into a switch inside a communications room at an office in London, U.K., on Monday, May 21, 2018. The Department of Culture, Media and Sport will work with the Home Office to publish a white paper later this year setting out legislation, according to a statement, which will also seek to force tech giants to reveal how they target abusive and illegal online material posted by users. Photographer: Jason Alden/Bloomberg via Getty Images
PHOTO: Bloomberg/Bloomberg/Bloomberg via Getty Images
Now playing
02:18
How to protect yourself from hackers
BERLIN, GERMANY - JUNE 22: In this photo Illustration hands typing on a computer keyboard on June 22, 2016 in Berlin, Germany. (Photo Illustration by Thomas Trutschel/Photothek via Getty Images)
BERLIN, GERMANY - JUNE 22: In this photo Illustration hands typing on a computer keyboard on June 22, 2016 in Berlin, Germany. (Photo Illustration by Thomas Trutschel/Photothek via Getty Images)
PHOTO: Thomas Trutschel/Photothek/Photothek via Getty Images
Now playing
01:43
5 of the biggest data breaches​
People walk past a branch of the Capital One Bank on April 17, 2019 in New York City. (Photo by Johannes EISELE / AFP)        (Photo credit should read JOHANNES EISELE/AFP/Getty Images)
People walk past a branch of the Capital One Bank on April 17, 2019 in New York City. (Photo by Johannes EISELE / AFP) (Photo credit should read JOHANNES EISELE/AFP/Getty Images)
PHOTO: JOHANNES EISELE/AFP/AFP/Getty Images
Now playing
01:51
Romans: Don't trust companies to protect your data
PHOTO: Frederick M. Brown/Getty Images
Now playing
00:45
Weather Channel goes off air because of 'malicious software attacks'
LONDON, ENGLAND - AUGUST 09:  In this photo illustration, an image of the Google logo is reflected on the eye of a young man on August 09, 2017 in London, England. Founded in 1995 by Sergey Brin and Larry Page, Google now makes hundreds of products used by billions of people across the globe, from YouTube and Android to Smartbox and Google Search.  (Photo by Leon Neal/Getty Images)
LONDON, ENGLAND - AUGUST 09: In this photo illustration, an image of the Google logo is reflected on the eye of a young man on August 09, 2017 in London, England. Founded in 1995 by Sergey Brin and Larry Page, Google now makes hundreds of products used by billions of people across the globe, from YouTube and Android to Smartbox and Google Search. (Photo by Leon Neal/Getty Images)
PHOTO: Leon Neal/Getty Images Europe/Getty Images
Now playing
02:39
Here's why it's so hard to spot deepfakes
HANOVER, GERMANY - MARCH 05:  A visitor types on a laptop computer at the Google stand the day before the CeBIT 2012 technology trade fair officially opens to the public on March 5, 2012 in Hanover, Germany. CeBIT 2012, the world
HANOVER, GERMANY - MARCH 05: A visitor types on a laptop computer at the Google stand the day before the CeBIT 2012 technology trade fair officially opens to the public on March 5, 2012 in Hanover, Germany. CeBIT 2012, the world's largest information technology trade fair, will run from March 6-10, and advances in cloud computing are a major feature this year. (Photo by Sean Gallup/Getty Images)
PHOTO: Sean Gallup/Getty Images Europe/Getty Images
Now playing
02:32
Google+ to shut down after security bug
A lit sign at Facebook
A lit sign at Facebook's corporate headquarters location in Menlo Park, California, on March 21, 2018.
PHOTO: JOSH EDELSON/AFP/Getty Images
Now playing
03:39
Exclusive: Is Facebook doing enough to stop election meddling?
Now playing
02:54
A new approach to cybersecurity: Let the hackers in
Now playing
02:46
Inside China's biggest gadget market
(CNN Business) —  

A massive data breach at a hotel group owned by Marriott has been traced to Chinese hackers working for the Ministry of State Security, the country’s civilian spy agency, according to The New York Times.

The hack exposed data from approximately 500 million Starwood hotels customers. It also included health insurers and the security clearance files of millions more Americans, according to two people briefed on the investigation, the Times reported.

CNN Business has not independently confirmed the report.

The Times also cited four unnamed US officials who said there could be indictments against Chinese hackers working for the intelligence services and the military. It said the Trump administration also plans to declassify intelligence reports to reveal Chinese hacking efforts dating to at least 2014.

The report comes amid growing tensions between the United States and China. The Trump administration continues to threaten China with taxes on hundreds of billions of dollars of exports to the United States if the countries cannot reach a trade resolution in the coming months.

The United States is also seeking the extradition of the chief financial officer of Chinese tech giant Huawei. She was arrested in Canada this month at the request of US authorities but released on bail there late Tuesday.

The breach of the Starwood reservation system is one of the largest ever, and the company said it is focused on finding out what happened. Marriott bought the Starwood hotels group, which includes Sheraton, Westin, W and St. Regis, in 2016 for $13 billion.

“Our primary objectives in this investigation are figuring out what occurred and how we can best help our guests,” Marriott said in a statement Wednesday. “We have no information about the cause of this incident, and we have not speculated about the identity of the attacker.”

Marriott says that 327 million people had their names, phone numbers, email addresses, passport numbers, dates of birth and arrival and departure information exposed. More than 100 million other customers’ credit card numbers and card expiration dates were potentially compromised.

Marriott has warned that that it can’t confirm if the hackers were able to decrypt the credit card numbers.

“We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward,” CEO Arne Sorenson said in November.

CNN’s Jordan Valinsky contributed to this report.

Correction: An earlier version of this story misidentified the reservation system that was hacked, and some of the customers affected.