Singapore’s renowned luxury resort and casino, Marina Bay Sands (MBS), has publicly disclosed a data breach incident impacting the personal information of approximately 665,000 customers. The security breach was initially identified on October 20, 2023, when an unauthorized entity managed to gain access to data associated with members of the MBS loyalty program.
In an official statement, Marina Bay Sands conveyed, “Marina Bay Sands became aware of a data security incident on October 20, 2023, involving unauthorized third-party access on October 19 and 20, 2023, to certain data associated with our customers’ loyalty program memberships.” Subsequent investigations have revealed that an unidentified third party succeeded in accessing the customer data of approximately 665,000 individuals who are part of the non-casino rewards program.
The compromised data includes the following sensitive information:
- Full Name
- Email Address
- Mobile Phone Number
- Landline Phone Number
- Country of Residence
- Membership Number and Tier
This breach has the potential to expose affected individuals to various risks, including scams, phishing attempts, and social engineering attacks.
It is crucial to note that the current findings do not indicate any impact on casino members, specifically those belonging to the Sands Rewards Club.
Marina Bay Sands has committed to notifying affected customers individually about the breach and its potential implications. In response to the incident, the resort promptly reported the breach to relevant authorities in Singapore and other pertinent jurisdictions.
While the full extent and nature of the breach have not been publicly disclosed, there is speculation that the breach may be linked to a ransomware attack. Cybercriminals frequently exfiltrate data from organizational networks with the intention of extorting money from the victim. As of the time of this statement, however, no ransomware actor has claimed responsibility for the attack on Marina Bay Sands.
BleepingComputer reached out to the resort seeking further information regarding the security incident, but a company spokesperson declined to provide additional details beyond those included in the official statement.
