Marina Bay Sands Ordered By GRA To Investigate Recent Data Breach
- Marina Bay Sands Singapore had a serious data breach that impacted 665,000 non-casino rewards program members
- Marina Bay Sands has already taken steps to strengthen its data security systems
- Similar attacks hit MGM Resorts and Caesars Entertainment in Las Vegas in September
Marina Bay Sands (MBS) has revealed that the personal information of 665,000 customers at the casino resort had been compromised in a “data security incident” that occurred mid-October.
First reported by local news outlet Today, the cyberattack affected some of MBS customers’ loyalty program membership data, a spokesperson for the casino resort confirmed, but there is no evidence to date that the perpetrators misused the data to cause harm to customers.
Singapore Regulator Wants MBS To Conduct Investigation
Following investigations, it was found that on October 19 and 20, an unauthorized third party had gained access to the personal data of around 665,000 Sands LifeStyle non-casino rewards program members. MBS became aware of the situation on October 20 and immediately took action to resolve it and claimed that the company’s casino rewards program membership data were not impacted by the incident.
The Gambling Regulatory Authority (GRA) in Singapore has asked MBS to carry out further investigations on its casino rewards program membership data breach after the unauthorized third party obtained the email address, mobile number or any other phone number, membership number, membership tier, and country of residence of the affected MBS patrons.
An MBS spokesperson stated that the incident is being investigated and that a leading cybersecurity firm is helping with the investigation. The company has also taken steps to strengthen its data security systems. MBS will reach out to the affected patrons and apologize for any inconvenience caused by the data breach.
Hospitality Industry Major Target for Cybercriminals
As of this writing, no specific ransomware group has claimed responsibility for the MBS cyberattack. Whether it has links to similar incidents that hit MGM Resorts and Caesars Entertainment in Las Vegas in September also remains to be seen. The global land based and online casino industry continues to be a hot target for criminals.
Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, said these recent incidents highlight the importance of having a robust system in place to protect customer data, especially for businesses involved in the hospitality and entertainment industry which remain an attractive target for cybercriminals.