Marina Bay Sands Data Security Incident Notification

Table of Contents

Marina Bay Sands Shopping Membership Programme Data Security Incident

This week, there was yet another data breach incident and this time the news comes out of Singapore. The largest casino in the City/Country of Singapore sent out the email notification below to alert MBS LifeStyle rewards members about the 19th and 20th of Octobers data security incident. The email below is the notification and an example of a notification via email during a crisis management period. We are writing to you regarding a data security incident involving the unauthorized access by a third party to personal data of some of our Sands LifeStyle rewards programme members that transpired on 19 and 20 October 2023 and that we first became aware of on 20 October 2023. Based on our current investigation findings, your personal data was accessed in the incident. This email outlines what transpired, what actions we have taken to address it, and what it may mean for you. Upon discovery of the incident, our teams immediately took action to resolve it. Investigations have since determined that an unknown third party accessed customer data of about 665,000 non-casino rewards programme members. Based on our investigation, we do not have evidence to date that the unauthorized third party has misused the data to cause harm to customers. We do not believe that membership data from our casino rewards programme, Sands Rewards Club, was affected. After learning of the issue, we quickly launched an investigation, have been working with a leading external cybersecurity firm, and have taken action to further strengthen our systems and protect data. Your relevant personal data that was affected, where applicable, may have included: • Name • Email address • Mobile phone number • Phone number • Country of residence • Sands LifeStyle membership number and tier We recommend that you closely monitor your account for suspicious activity, and change your log-in pin regularly. We also recommend that you remain extra vigilant against phishing attempts, particularly against clicking on links that may direct you to malicious websites where your password or other personal information may be requested. We sincerely apologize for the inconvenience caused by this incident. We have reported it to the relevant authorities in Singapore and other countries where applicable and are working with them in their inquiries into the issue. Should you have further questions, you may contact us by email at [email protected] or by telephone at +65 6688 8897. Yours sincerely, Paul Town Chief Operating Officer

Online Privacy Compliance Made Easy

Captain Compliance makes it easy to develop, oversee, and expand your privacy program. Book a demo or start a free 30-day trial now.