Singapore’s Marina Bay Sands has become the latest integrated resort to be subject to a data security incident, informing members of its shopping rewards program that some personal data had been accessed without permission by a third party late last month.
In a letter sent to members, MBS Chief Operating Officer Paul Town explained that the incident took place on 19 and 20 October with the unknown third party having accessed the customer data of around 665,000 rewards program members.
The incident relates to the non-casino Sands Lifestyle Rewards program rather than the Sands Rewards Club, with Town noting the company does not believe its gaming membership program was affected.
In a statement MBS said it does “not have evidence to date that the unauthorized third party has misused the data to cause harm to customers.”
“After learning of the issue, we quickly launched an investigation, have been working with a leading external cybersecurity firm, and have acted to further strengthen our systems and protect data”
Data leak similar to Las Vegas casino hack?
While some users may feel the data leak experienced by MBS could be linked to the recent ransomware attacks experienced by two casinos in Las Vegas, it is a rather different situation.
In the ransomware incidents experienced by Caesars Palace and MGM in Las Vegas, the cybercriminals disrupted services and demanded a ransom payment from the organizations. However, MBS has not reported any ransom demands and claims that only the personal data of its members have been compromised. Despite this, the stolen data could be worth a fortune on the dark web, given the information it contains. For now, it remains to be seen what exactly caused the data leak in MBS and whether there was any other data that was compromised.
