Marina Bay Sands discloses data breach impacting 665,000 customers

The Marina Bay Sands (MBS) luxury resort and casino in Singapore has disclosed a data breach that impacts personal data of 665,000 customers.

According to the statement, the security incident was discovered on October 20 and an unauthorized party was able to access information belonging to members of the MBS loyalty program.

“Marina Bay Sands became aware of a data security incident on 20 October 2023 involving unauthorized third-party access on 19 and 20 October 2023 to some of our customers’ loyalty programme membership data,” reads the announcement.

“Investigations have since determined that an unknown third party accessed customer data of about 665,000 non-casino rewards programme members,” the company added.

The type of information exposed in the data breach includes the following:

• Name
• Email address
• Mobile phone number
• Phone number
• Country of residence
• Membership number and tier

The data could help an attacker target MBS customers in various scams as well as phishing and social engineering attacks.

It is specifically clarified that current evidence does not indicate that casino members (Sands Rewards Club) have been impacted by the incident.

The company says that MBS customers who have had their personal data exposed to the attackers will be informed of the breach and impact in indivifual notifications.

After discovering the incident, MBS reported it to authorities in Singapore and other relevant countries.

While the scope of the attack has not been clarified publicly, the intrusion could be related to a ransomawre attack. Threat actors are often stealing data from company networks and then try to extort money from the victim.

At the time of writing, though, no ransomware actor has claimed the attack on Marina Bay Sands.

BleepingComputer has contacted the resort to ask for more information about the security incident, but a spokesperson declined to comment beyond the details in the official statement.