Marina Bay Sands Becomes Latest Hospitality Cyber Victim

Unknown attackers have accessed PII for hundreds of thousands of loyalty customers at the high-end Singapore establishment.

Singapore's Maria Bay Sands hotel and the merlion at dusk
Source: Felix Choo via Alamy Stock Photo

Marina Bay Sands, a luxury hotel and casino in Singapore known for its unique architecture, has disclosed a data breach impacting the personal data of 665,000 non-casino loyalty-program members.

The data exposed for members of the Sands LifeStyle loyalty program includes: names, email addresses, phone numbers, countries of residence, as well as membership number and tier.

"We will be reaching out to loyalty program members and sincerely apologize for the inconvenience caused by this incident," Marina Bay Sands noted in a breach disclosure posted on its website. "We have reported it to the relevant authorities in Singapore and other countries where applicable and are working with them in their inquiries into the issue."

Cyberattacks on High-End Hospitality Ramp Up

The breach at the five-star stay comes on the heels of two high-profile ransomware hits on other resort-casinos: MGM Resorts and Caesar's Entertainment. The latter ended up paying $15 million in ransom to regain control of its infrastructure.

Darren James, a senior product specialist at Specops, noted that high profile hospitality organizations are likely to stay a popular target for cybercriminals, so it's worth shoring up known avenues of attack, like targeting high-privileged Okta accounts via help desk personnel.

"We don't have many details so far apart from unauthorized access being obtained," he noted in an email statement. "Although not confirmed in this case, this type of breach is usually gained by using compromised credentials or a socially engineered service desk, and should serve as a reminder for us all that poor password hygiene (use of compromised, short passwords) should no longer be tolerated in any business environment."

He added, "Alongside improvements to passwords, a strong second factor should be introduced wherever possible, and the service desk should be equipped with a way of verifying who is calling them for assistance."

About the Author

Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights