Dive Brief:
- Marina Bay Sands, a casino and hotel in Singapore, said the personal data of about 665,000 non-casino rewards program members was exposed by an unauthorized intrusion into its systems last month.
- The resort, which is owned by Las Vegas-based Las Vegas Sands Corp., identified and contained the cyberattack on Oct. 20 and determined unauthorized access began the previous day, the company said in a Tuesday statement.
- “Based on our investigation, we do not have evidence to date that the unauthorized third party has misused the data to cause harm to customers,” the company said. Impacted data includes names, email addresses, phone numbers, country of residence and membership numbers.
Dive Insight:
The incident follows damaging attacks on a pair of Las Vegas-based casino and hotel operators, MGM Resorts and Caesars Entertainment, which disrupted services and exposed personal data. Thus far, the attack on MGM has cost the company about $100 million.
A collection of young, native English-speaking threat actors, identified by researchers as Oktapus, Scattered Spider or Octo Tempest, claimed responsibility for the September ransomware attacks on the casino giants.
Marina Bay Sands declined to answer questions, and a spokesperson for Las Vegas Sands said the incident is specific to Marina Bay Sands’ non-gaming loyalty program. The hotel and casino company also operates five properties in Macao and a resort under development in New York.
The Singapore-based property said it launched an investigation with the assistance of an external cybersecurity firm and took steps to strengthen its systems.