Personal data of 665,000 Marina Bay Sands lifestyle rewards members accessed in data security breach
Some email addresses and mobile phone numbers were affected by the security incident.
The Marina Bay Sands integrated resort in Singapore, Jul 26, 2022. (File photo: REUTERS/Edgar Su)
This audio is generated by an AI tool.
SINGAPORE: The personal data of 665,000 Marina Bay Sands customers was accessed in a data security breach in October.
The "unauthorised access" took place on Oct 19 and Oct 20 and involved the data of some Sands LifeStyle rewards programme members, said a Marina Bay Sands (MBS) spokesperson on Tuesday (Nov 7).
MBS said in response to queries from CNA that it became aware of the "data security incident" on Oct 20.
It added that "relevant personal data that was affected, where applicable" comprised names, email addresses, phone numbers, country of residence as well as membership number and tier.
In an email to customers seen by CNA, chief operating officer Paul Town said that MBS "immediately took action" to resolve the issue.
"We understand that you may be concerned about this incident, and wish to advise that based on our current investigation findings, your personal data was not affected," he said.
Investigations determined that an unknown third party had accessed customer data of about 665,000 non-casino rewards programme members. Membership data from MBS' casino rewards programme is believed to be unaffected.
.jpg?itok=qCyvzgTo)
MBS said it is working with an external cybersecurity firm and has acted to further strengthen its systems and protect data.
"Based on our investigation, we do not have evidence to date that the unauthorised third party has misused the data to cause harm to customers," said Mr Town.
"We have reported this incident to the relevant authorities in Singapore and other countries where applicable and are working with them in their inquiries into the issue."
In his email, Mr Town also laid out some precautionary measures.
"Although your personal data was not affected, it is best practice to monitor your account for suspicious activity and change your log-in pin regularly, and to be extra vigilant against phishing attempts, particularly against clicking on links that may direct you to malicious websites where your password or other personal information may be requested."
