Marina Bay Sands (MBS), Singapore, has alerted customers about a possible data breach that occurred last month on two consecutive days, October 19 and 20.
MBS is an integrated resort in Singapore with a hotel, casino, retail mall, convention facilities and entertainment venues, including theatres, nightclubs and a museum, operated by the US casino giant Las Vegas Sands.
In an e-mail to Sands LifeStyle members, MBS chief operating officer Paul Town said the company first became aware of the incident on October 20, and investigations showed that an unknown third party accessed members’ personal data.
“Upon discovery of the incident, our teams immediately took action to resolve it. Investigations have since determined that an unknown third party accessed customer data of about 665,000 non-casino rewards programme members," he added.
The impacted data included the loyalty programme, customer's names, email addresses, phone numbers, country of residence and membership information.
MBS believes that membership data from the casino rewards programme, Sands Rewards Club were not compromised in the incident.
“Based on our investigation, we do not have evidence to date that the unauthorised third party has misused the data to cause harm to customers," MBS said in a statement.
Town alerted customers to remain extra vigilant against phishing attempts, particularly against clicking on links that may direct to malicious websites where passwords or other personal information may be requested.
He also recommended customers to "closely monitor" their accounts for suspicious activity and change log-in Pins regularly.
“We have been working with a leading external cybersecurity firm, and have taken action to strengthen our systems further and protect data,” Town said.
MBS is now contacting Sands LifeStyle loyalty programme members to apologise for the inconvenience.
We have reported the incident to relevant authorities in Singapore and other countries where applicable and are working with them in their inquiries into the issue, it added.
The incident is still under investigation and the nature of the attack has not yet been disclosed.
More recently, the Las Vegas-based casino and hotel operator MGM Resorts International suffered a massive ransomware attack in September that impacted its main website, online reservations systems, and in-casino services such as slot machines, and credit card terminals. The company revealed the cyberattack cost US$100 million (S$136 million) in total damages.
