Another top casino has been hit with a massive data breach

A white padlock on a dark digital background.
(Image credit: Shutterstock.com)

One of the world's most iconic casinos has been hit by a cyberattack that affected hundreds of thousands of its customers.

The Marina Bay Sands (MBS) luxury resort and casino in Singapore posted an announcement explaining that threat actors accessed its systems on October 19 and 20 2023. 

During that time, they managed to steal “some of our customers’ loyalty program membership data,” the company said.

Was it ransomware?

“Investigations have since determined that an unknown third party accessed customer data of about 665,000 non-casino rewards program members,” the announcement reads.

The unidentified hackers stole MBS’ customers’ data, including names, email addresses, mobile phone numbers, landline numbers, countries of residence, and membership numbers and tiers. 

Hackers usually use this type of information in identity theft or phishing attacks, so users of the MBS rewards program should be wary of any emails they receive, claiming to be coming from the casino.

MBS stressed that casino members weren’t impacted by the incident. Apparently, no payment data was accessed. The victims were (or will be) notified individually, the company added, saying that it already reported the incident to the police and other relevant law enforcement agencies and authorities. 

Some media speculate that the data theft might be a part of a ransomware attack, as ransomware threat actors often steal sensitive data and then demand payment not to leak it on the dark web. 

However, ransomware also usually includes the deployment of an encryptor that cripples systems and renders endpoints inaccessible, which doesn’t seem to have been the case here.

Marina Bay Sands is not the only casino company being targeted by cybercriminals this year. In mid-September this year, we reported a major outage at MBM Resorts International, which was most likely the result of a ransomware attack. It was big enough to draw the attention of the FBI.

The attack was attributed to a threat actor by the name Scattered Spider. 

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.