Marina Bay Sands, a luxury hotel and casino in Singapore known for its unique architecture, has disclosed a data breach impacting the personal data of 665,000 non-casino loyalty-program members.
The data exposed for members of the Sands LifeStyle loyalty program includes: names, email addresses, phone numbers, countries of residence, as well as membership number and tier.
“We will be reaching out to loyalty program members and sincerely apologize for the inconvenience caused by this incident,” Marina Bay Sands noted in a breach disclosure posted on its website. “We have reported it to the relevant authorities in Singapore and other countries where applicable and are working with them in their inquiries into the issue.”
Cyberattacks on High-End Hospitality Ramp Up
The breach at the five-star stay comes on the heels of two high-profile ransomware hits on other resort-casinos: MGM Resorts and Caesars Entertainment. The latter ended up paying $15 million in ransom to regain control of its infrastructure.
Darren James, a senior product specialist at Specops, noted that high-profile hospitality organizations are likely to stay a popular target for cybercriminals, so it’s worth shoring up known avenues of attack, such as the targeting of high-privileged Okta accounts via help desk personnel.
“We don’t have many details so far apart from unauthorized access being obtained,” he noted in an email statement. “Although not confirmed in this case, this type of breach is usually gained by using compromised credentials or a socially engineered service desk, and should serve as a reminder for us all that poor password hygiene (use of compromised, short passwords) should no longer be tolerated in any business environment.”
He added, “Alongside improvements to passwords, a strong second factor should be introduced wherever possible, and the service desk should be equipped with a way of verifying who is calling them for assistance.”