Singapore’s Marina Bay Sands says 665,000 customers had data stolen during cyberattack

A cyberattack last month against the Marina Bay Sands casino and hotel in Singapore led to the theft of data from 665,000 customers.

The massive complex is located in Singapore’s Marina Bay waterfront and hosts a 2,200-room hotel alongside one of the largest casinos in Asia.

In a notice on Tuesday, the company said it became aware of a data security incident on October 20 after hackers broke into their systems the day before. The hackers gained access to customer loyalty program membership data.

“Upon discovery of the incident, our teams immediately took action to resolve it,” they said.

“Based on our investigation, we do not have evidence to date that the unauthorized third party has misused the data to cause harm to customers. We do not believe that membership data from our casino rewards programme, Sands Rewards Club, was affected.”

The company is working with a cybersecurity firm to address the issue and said the data stolen includes names, email addresses, phone numbers, country of residence, membership numbers and more.

Customers affected by the breach will be contacted by the company. The incident has been reported to authorities in Singapore and other countries.

The attack on Marina Bay Sands follows ransomware attacks on Las Vegas-based MGM Resorts and Caesars Entertainment — two of the largest hotel and casino companies on the planet.

Last month, MGM Resorts said the ransomware attack will cost them about $100 million due to the damage done to hotel systems as well as customer data stolen.

Semperis principal technologist Sean Deuby, who works with hospitality companies on cybersecurity, said attacks on Marina Bay Sands, MGM and Caesars have “left the entire hotel and casino industry on edge.”

“The silver lining in this most recent breach is that hackers don’t appear to have walked away with the crown jewels of personally identifiable information such as social security numbers and credit card data,” he said.

“However, by stealing other personal information about Marina Bay Sands’ loyal customers such as email addresses, and mobile phone numbers, there is a high probability that the attackers could conduct other social engineering-based attacks and phishing scams in the weeks ahead or sell the data to the highest bidders on the dark web.”