Singapore-based luxury resort Marina Bay Sands has revealed it was hit by a security incident that exposed the personal data of 665,000 guests.
According to a statement released by the resort, the incident occurred on October 19 and 20 and involved unauthorized third-party access to the loyalty program membership data of its non-casino guests.
The leaked data included personally identifiable information (PII), such as customer names, email addresses, phone numbers, country of residence, membership numbers and tiers.
This information could be used in phishing campaigns targeting some of these customers.
“We have no evidence to date that the unauthorized third party misused the data to harm customers,” the station said. in a public statement.
Data from the casino’s rewards program, Sands Rewards Club, was reportedly unaffected.
“As soon as the incident was discovered, our teams immediately mobilized to resolve it. (We) have worked with a leading external cybersecurity firm and have taken steps to further strengthen our systems and protect data. We have reported this to the relevant authorities in Singapore and other countries, where appropriate, and are working with them in their investigations into this issue,” the station said.
Marina Bay Sands staff began individually notifying members of the Sands LifeStyle loyalty program about the incident.
This incident comes a few months after two large resort groups, MGM International and Caesars Entertainment in the United States, were hacked by Scatter Spider (aka Octo Tempest, 0ktapus, UNC3944), a hacker group affiliated with ALPHV/BlackCat and believed to be made up of teenagers based in English-speaking countries.
Read more: Microsoft sounds the alarm over English-speaking Octo Tempest