Singapore’s iconic resort and casino Marina Bay Sands stated that the personal information of its loyalty members was found compromised in a recent data security incident.
Singapore’s largest hotel and casino resort complex posted a statement about the October breach on its website Tuesday.
“Marina Bay Sands became aware of a data security incident on 20th October 2023 involving unauthorized third-party access on 19th and 20th October 2023 to some of our customers’ loyalty program membership data,” the company said.
The customer data of about 665,000 Sands LifeStyle non-casino rewards program members was accessed by an unknown third party. The Sands rewards membership program has four tiers ranging from a free membership to invite-only memberships for big spenders at the complex.
The luxury resort, considered the most expensive in the world, does not believe membership data from its casino rewards program, Sands Rewards Club, was affected.
Compromised Personal data is said to include:
- Email address
- Mobile phone number
- Phone number
- Country of residence
- Membership number and tier
Based on its investigation, Marina Bay Sands states “the unauthorized third party has misused the data to cause harm to customers.”
The hospitality company, which employs more than 10,000 workers on the property, said it reported the incident to the proper authorities in both Singapore and other relevant countries.
Marina Bay Sands also said it has called in an outside cybersecurity firm and is taking further steps to “strengthen our systems and protect data.”
The company will be contacting affected loyalty program members and sincerely apologized for the inconvenience.
Considered one of Asia’s leading business, leisure, and entertainment destinations and known for its architecture, the integrated resort was built in 2010, making a huge impact on the Singapore skyline.
Besides a more than 2,200 room hotel and casino, the landmark complex houses 170 luxury boutiques, convention and exhibition facilities, and its own Arts and Science museum.
Hospitality breaches in the spotlight
“Singapore’s iconic luxury resort and casino has revealed a cyberattack impacting more than 600,000 customers,” explained Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ.
“Organizations in the hospitality and entertainment industry that deal with sensitive customer information need to safeguard their data with a threat-informed defense system,” Costis said.
However, Costis noted that the Marina Bay Sands breach had not been claimed by any specific ransomware group as of yet, referring to two major cyberattacks from September affecting MGM Resorts and Caesars Entertainment on the Las Vegas strip.
Large volumes of customer data was compromised in those attacks, including a trove of customer loyalty rewards program information.
The outage left all twelve MGM hotel and casino resorts on the strip completely analog for about a week affecting credit card payment systems, room locks, slot machines, and company websites.
A September threat report by Confense Intelligence showed that even after the Las Vegas attacks, luxury hotels remained a major target of “well-crafted and innovative” social engineering campaigns, especially phishing.
“It is imperative for these organizations “to adopt a more proactive approach,” Costis said.
"Studying the common tactics, techniques, and procedures used by common threat actors will allow organizations to test their cyber defenses, building a more resilient security detection, prevention, and response program,” he said.
More from Cybernews:
TOC label:TOC id: #
Subscribe to our newsletter