Marina Bay Sands Becomes Latest Hospitality Cyber Victim
Unknown attackers have accessed PII for hundreds of thousands of loyalty customers at the high-end Singapore establishment.
November 7, 2023
Marina Bay Sands, a luxury hotel and casino in Singapore known for its unique architecture, has disclosed a data breach impacting the personal data of 665,000 non-casino loyalty-program members.
The data exposed for members of the Sands LifeStyle loyalty program includes names, email addresses, phone numbers, and countries of residence, as well as membership number and tier.
"We will be reaching out to loyalty program members and sincerely apologize for the inconvenience caused by this incident," Marina Bay Sands noted in a breach disclosure posted on its website. "We have reported it to the relevant authorities in Singapore and other countries where applicable and are working with them in their inquiries into the issue."
Cyberattacks on High-End Hospitality Ramp Up
The breach at the five-star stay comes on the heels of two high-profile ransomware hits on other resort-casinos: MGM Resorts and Caesars Entertainment. The latter ended up paying $15 million in ransom to regain control of its infrastructure.
Darren James, a senior product specialist at Specops, noted that high-profile hospitality organizations are likely to stay a popular target for cybercriminals, so it's worth shoring up defenses against known avenues of attack, such as the targeting of highly privileged Okta accounts via help desk personnel.
"We don't have many details so far apart from unauthorized access being obtained," he noted in an email statement. "Although not confirmed in this case, this type of breach is usually gained by using compromised credentials or a socially engineered service desk, and should serve as a reminder for us all that poor password hygiene (use of compromised, short passwords) should no longer be tolerated in any business environment."
He added, "Alongside improvements to passwords, a strong second factor should be introduced wherever possible, and the service desk should be equipped with a way of verifying who is calling them for assistance."