Investigators suspect the hackers were working on behalf of the Chinese Ministry of State Security, an official briefed on the investigation told The Associated Press.
An internal security tool flagged the possible breach beginning on September 8 and later discovered the hackers had accessed customer information and attempted to remove it in encrypted form, the company said.
The Times also reports that hackers also gained access to health insurers and security clearance files of millions of Americans. The MSS, an intelligence and security agency, has been behind numerous Chinese government intrusions into sensitive US networks in recent years.
Hackers behind a massive breach at hotel group Marriott International left clues suggesting they were working for a Chinese government intelligence gathering operation, according to sources familiar with the matter.
The Trump administration has been planning to declassify USA intelligence reports that show China's efforts to build a database with the names of United States government officials with security clearances, the Times reported.
Washington sees them as part of an espionage effort that has targeted health insurers and the USA civil service employment database.
Looming over the trade talks are legal proceedings in Canada. Earlier this month, a top executive at Chinese telecommunications giant Huawei was arrested in Canada at the behest of U.S. authorities who accused her of deceiving financial institutions, putting them in a position to violate sanctions against Iran. Chinese officials denied knowing anything about the hacking being done on behalf of any government agency, according to the Times.
The hotel chain revealed last month that it had discovered that hackers had compromised the guest reservation database of its Starwood division, whose brands include Sheraton, W Hotels, Westin, Le Meridien, Four Points by Sheraton, Aloft and St. Regis.
She was granted bail at $7.4 million while she awaits a hearing for extradition to the US.
The Marriott breach exposed an unusually broad array of data, including names, addresses, phone numbers, passport numbers and credit card numbers, as well as information on where people traveled and with whom.