Mega-Luxury Casino Owned by Las Vegas Sands Suffers Data Breach
Table of Contents
- By Steven
- Nov 08, 2023
In Singapore, there is a massive luxury resort named the Marina Bay Sands (MBS); its owner is state-side, known as the Las Vegas Sands (LVS). LVS hosts 11 properties in Asia and the US—MBS hosts more than 2,500 rooms. MBS is a vast resort with more than a million feet of entertainment options and 50+ on-campus restaurants. Sand’s knows a lot about their clients, and following a recent data breach, so do hackers.
How Did the Attack Occur?
The attack happened directly to MBS, where an unauthorized party gained access to their non-casino membership systems. The attackers specifically breached the “customers’ loyalty program membership data.” No other information is public about how the attack occurred or what made it possible. Most likely, the assault was part of a ransomware plot, where bad actors breach a system and hold information hostage. The attackers could threaten to release client data unless paid, putting their information at risk for misuse. Otherwise, the attackers could have purposely targeted client data, setting them up for complex impersonation crimes in the future.
What Information Was Viewed or Stolen?
The stolen information may include data from all Sands LifeStyle loyalty members. Although the investigations are ongoing, the resort made the list of potentially exposed data public. The leaked data may include names, email addresses, phone numbers, addresses, and membership numbers/tiers; even state-side consumers may have had their information stolen if they were a member of Sands LifeStyle.
How Did Marina Bay Sands Admit to the Breach?
According to the breach notice published on the MBS website, the event happened around October 19th and 20th, 2023. The resort purportedly discovered the threat on October 20th and swiftly expelled the actor. They immediately began internal investigations and have yet to conclude them. On October 7th, MBS sent notices to all Sands LifeStyle members warning them their data may be at risk. They also posted a website notice, which indicates over 665,000 people may have exposed data.
What Will Become of the Stolen Information?
It is challenging, if not impossible, to predict what may happen with the stolen data. If the attack was ransomware, Sands will have the option to “buy” it back. Regardless of how Sands faces the threat, the information is already out there. It’s not uncommon for victims to fulfill ransoms, only for the data to appear online later. Subsequently, no matter what happens to the data—the only way members can protect their identity is by taking action.
What Should Affected Parties Do in the Aftermath of the Breach?
Those who may have had data exposed in this breach have received notices already. More than a half million people would have received the notice, although specific breached data likely varies between individuals. The consumer notice suggests monitoring services for financials and identity concerns, but this is not enough to completely mitigate damages. Members should also consider updating accounts, enabling multi-factor authentication processes, and updating all devices.