News Hub

Marina Bay Sands hit by data breach, over half a million customers affected

Written by Wed 8 Nov 2023

Image of Marina Bay Sands

In a sobering reminder of the cyber threats facing the hospitality industry, Marina Bay Sands has confirmed a data breach that compromised the personal details of 665,000 customers.

The breach, identified on 20 October 2023, saw unauthorised third-party access to the Marina Bay Sands’ loyalty programme membership data. It was swiftly detected by security teams who took immediate action to contain and resolve the incident.

“This is a stark illustration of the cyber vulnerabilities that exist within the hospitality industry. The good news is that Marina Bay has a seasoned security team in place, and they will close any gaps and return the hotel and casino to full capacity as quickly as possible,” said Sean Deuby, Principal Technologist at Semperis.

The breach specifically targeted non-casino rewards programme members, potentially leaking names, email addresses, mobile and phone numbers, countries of residence, and membership details.

Despite the severity of the breach, there is currently no indication that the stolen data has been misused. However, attackers could conduct social engineering-based attacks and phishing scams in the weeks ahead or sell the data to the highest bidders on the dark web. No ransomware actor has claimed responsibility as of yet.

“The silver lining in this most recent breach is that hackers don’t appear to have walked away with the crown jewels of personally identifiable information such as social security numbers and credit card data,” added Deuby.

Marina Bay Sands, owned by the US-based Las Vegas Sands Corporation, has been lauded for its proactive response, including engaging a leading external cybersecurity firm to reinforce its systems. Marina Bay Sands reached out to its Sands LifeStyle loyalty programme members to offer apologies and guidance. The resort has also alerted authorities in Singapore and is collaborating with international bodies to investigate and mitigate the breach’s impact.

“I’m certain Marina Bay focuses regularly on the resiliency of their systems and runs tabletop exercises that enable them to harden critical systems before attacks occur. This strategy helps to reduce losses in times of crisis,” added Deuby.

The incident follows recent security breaches at MGM International and Caesars Entertainment, sending ripples of concern across the industry.

“Today’s disclosure…has left the entire hotel and casino industry on edge. There’s no sugarcoating the fact that when sensitive data is exposed, it can be jarring to companies,” said Deuby.

Deuby’s final thoughts serve as a crucial reminder to the industry: “Defenders can make their organisations so difficult to compromise that hackers look for lower-hanging fruit … It is imperative that organisations have real-time visibility to changes to elevated network accounts and groups.”

The Marina Bay Sands incident is a call to action for all in the hospitality sector to bolster their cyber defences, ensuring the protection of their guests’ personal information and their own reputations.

Hungry for more tech news?

Sign up for your weekly tech briefings!

Written by Wed 8 Nov 2023

Send us a correction Send us a news tip