Marina Bay Sands Hit by Massive Data Breach: 665K Customers Affected

The Marina Bay Sands (MBS) luxury resort and ca*sino in Singapore has disclosed a data breach incident affecting the personal data of 665,000 customers.

The statement revealed that the security incident was discovered on October 20, when an unauthorized party accessed information belonging to members of the MBS loyalty program.

The announcement stated, “Marina Bay Sands became aware of a data security incident on 20 October 2023 involving unauthorized third-party access on 19 and 20 October 2023 to some of our customers’ loyalty programme membership data.

The company added, “Upon discovery of the incident, our teams immediately took action to resolve it. Investigations have since determined that an unknown third party accessed customer data of about 665,000 non-ca*sino rewards programme members.”

The types of information exposed in the data breach include:

  • Name
  • Email address
  • Mobile phone number
  • Phone number
  • Country of residence
  • Membership number and tier

This data could enable attackers to target MBS customers through various scams, including phishing and social engineering attacks.

It is specifically clarified that current evidence does not indicate that ca*sino members (Sands Rewards Club) were affected by this incident.

The company has stated that MBS customers whose personal data was exposed to attackers will be notified individually about the breach and its implications.

Following the discovery of this incident, MBS reported the matter to the authorities in Singapore and other relevant countries.

While the extent of the attack has not been publicly clarified, the intrusion could be related to a ransomware attack. Threat actors often steal data from corporate networks and then attempt to extort money from the victims.

However, as of the writing of this article, no ransomware attackers have claimed responsibility for the attack on the Marina Bay Sands hotel.