Singapore’s Marina Bay Sands luxury resort revealed on Tuesday that 665,000 of its customers are impacted by a recent data breach.
The incident affects Marina Bay Sands’ shopping loyalty program members. There is no indication to date that the Sands Rewards Club casino rewards program was impacted as well.
The resort, which is owned by US casino and resort giant Las Vegas Sands, discovered on October 20 that an unauthorized third-party had gained access to shopping membership program data on October 19 and 20.
The attacker gained access to information such as name, email address, phone number, country of residence, and membership details. The company said it had found no evidence that the exposed data was misused to “cause harm to customers”.
It’s worth pointing out that while passwords and financial information do not appear to have been compromised, the type of data that was exposed in this incident can be highly useful for targeted phishing attacks.
“After learning of the issue, we quickly launched an investigation, have been working with a leading external cybersecurity firm, and have taken action to further strengthen our systems and protect data,” Marina Bay Sands said in a data security notice posted on its website.
“We have reported it to the relevant authorities in Singapore and other countries where applicable and are working with them in their inquiries into the issue,” it added.
Marina Bay Sands has not shared any additional details on the attack and it’s unclear if the data breach is the result of a ransomware attack, in which cybercriminals often steal data in an effort to pressure the victim into paying a ransom.
No major ransomware group appears to have taken credit for the Marina Bay Sands attack at the time of writing.
This incident comes just weeks after hospitality and entertainment giant MGM Resorts disclosed a highly disruptive ransomware attack that will cost the company more than $110 million.