Data Breach at Singapore’s Marina Bay Sands Affects 665,000 Customers

The Singapore-based luxury complex Marina Bay Sands revealed it was hit by a security incident that exposed the personal data of 665,000 customers.

According to a statement published by the resort, the incident occurred on October 19-20 and involved unauthorized third-party access to its non-casino customers’ loyalty program membership data.

The leaked data included personally identifiable information (PII), such as customers’ names, email addresses, phone numbers, country of residence, membership numbers and tiers.

This information could be used in phishing campaigns targeting some of the said customers.

“We do not have evidence to date that the unauthorized third party has misused the data to cause harm to customers,” the resort said in a public statement.

Data from the casino rewards program, Sands Rewards Club, was allegedly unaffected.

“Upon discovery of the incident, our teams immediately took action to resolve it. [We] have been working with a leading external cybersecurity firm, and have taken action to further strengthen our systems and protect data. We have reported it to the relevant authorities in Singapore and other countries where applicable and are working with them in their inquiries into the issue,” said the resort.

The Marina Bay Sands staff has started individually informing Sands LifeStyle loyalty program members about the incident.

This incident comes a few months after two major resort groups, MGM International and Caesars Entertainment in the US, were hacked by Scatter Spider (aka Octo Tempest, 0ktapus, UNC3944), a hacking group affiliated with ALPHV/BlackCat and allegedly made of teenagers based in English-speaking countries.

Read more: Microsoft Sounds Alarm Over English-Speaking Octo Tempest