Singapore-based luxury resort and casino Marina Bay Sands has suffered a data breach that exposed data of 665,000 non-casino rewards program members.
The Marina Bay Sands data breach
“Marina Bay Sands became aware of a data security incident on 20 October 2023 involving unauthorized third-party access on 19 and 20 October 2023 to some of our customers’ loyalty programme membership data,” the hospitality establishment said in a security incident notice.
The accessed customer data includes customers’ name, email address, mobile phone number, phone number, country of residence and membership number and tier. The company believes that membership data from their Sands Rewards Club casino rewards program was not accessed.
Marina Bay Sand is owned by the US-based Las Vegas Sands Corporation. The company has reported the incident to Singaporean authorities and other countries where applicable, and has sent out emails to affected and non-affected customers, advising them to stay vigilant for suspicious activity on their accounts and phishing attempts.
Marina Bay Sands also says that they’ve called in a leading external cybersecurity firm to help with the investigation, and have taken action to strengthen their systems and protect data.
“Based on our investigation, we do not have evidence to date that the unauthorized third party has misused the data to cause harm to customers,” the company reassured.
Hospitality industry under attack
Companies in the hospitality industry are often targeted by threat actors. In the past, hackers were primarily after payment card and other sensitive information that could be exploited or sold to others on dark web markets, but the more recent high-profile attacks were executed by ransomware groups.
A recent GuidePoint Security research revealed an increasing number of ransomware attacks targeting the entertainment, hospitality, and tourism (EHT) industry, specifically examining the devastating large-scale ransomware attacks on MGM Resorts and Caesars Entertainment.