Singapore’s Marina Bay Sands hotel and casino targeted in cyberattack

Cybersecurity Breach at Marina Bay Sands Exposes Personal Data of 665,000 Members

Marina Bay Sands, a popular casino and hotel in Singapore, revealed that the personal information of approximately 665,000 non-casino rewards program members was compromised in a recent unauthorized intrusion into its systems. The resort, which is owned by Las Vegas-based Las Vegas Sands Corp., reported that the cyberattack was identified and contained on October 20th, with unauthorized access beginning the day before.

The company stated that, “Based on our investigation, we do not have evidence to date that the unauthorized third party has misused the data to cause harm to customers.” The compromised data includes names, email addresses, phone numbers, country of residence, and membership numbers. This incident is reminiscent of similar attacks on other casino and hotel operators based in Las Vegas, such as MGM Resorts and Caesars Entertainment, both of which suffered significant disruptions and data breaches.

The MGM Resorts incident reportedly cost the company around $100 million. The recent attack on Marina Bay Sands has been attributed to a group of young, native English-speaking threat actors known as Oktapus, Scattered Spider, or Octo Tempest, who also claimed responsibility for the ransomware attacks on the aforementioned casino giants.

Despite the breach, Marina Bay Sands declined to address specific questions, and Las Vegas Sands spokesperson emphasized that the incident is isolated to the non-gaming loyalty program at Marina Bay Sands. The company also operates multiple properties in Macao and is developing a resort in New York.

In response to the breach, the Singapore-based property has initiated an investigation with the assistance of an external cybersecurity firm and taken measures to strengthen its systems. Moving forward, it is critical for Marina Bay Sands to prioritize the security of its customers’ information and implement robust cybersecurity measures to prevent future breaches.