Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Marina Bay Sands (MBS) in Singapore has been fined S$315,000 (around US$243,300) after authorities determined it failed to properly safeguard customer information during a major system migration. The lapse exposed the personal details of 665,495 patrons for more than six months in 2023.
Good to Know
- The data leak affected members of the MBS LifeStyle rewards programme, not casino accounts.
- Information was accessible from March to October 2023 before being stolen by unknown hackers.
- PDPC ruled that MBS ignored clear cybersecurity risks during its software migration.
The Singapore Personal Data Protection Commission (PDPC) said the breach occurred when MBS tasked a single employee with manually transferring data as part of a software migration. Without proper oversight or a second-layer review, missteps in API configurations allowed external actors to infiltrate the system and extract data on October 19 and 20, 2023.
Officials said the casino-resort operator failed to implement standard protection checks despite the size and sensitivity of the operation. The PDPC noted that the stolen data appeared for sale on the dark web, where it could be used for scams or identity theft.
How Did the Marina Bay Sands Breach Happen?
The exposed information came from MBS’s LifeStyle loyalty programme and included customers’ names, email addresses, phone numbers, countries of residence, and membership details such as tier and ID number. The company confirmed that no casino rewards data or financial records were compromised.
177% up to 5BTC + 77 Free Spins!
New players only. Exclusive Welcome Bonus of 177% + 77 Free Spins
The PDPC criticized MBS for its lack of internal safeguards, saying it should have recognized the “clear risks” of assigning a single employee to manage such a complex migration project.
“As a large enterprise with significant turnover in Singapore, MBS had the required resources to protect their patrons,” the watchdog stated. “MBS’ failure to put in place proper processes for something as critical as security policy was a negligent contravention of the Protection Obligation.”
Singapore’s data laws were tightened in 2022, allowing penalties of up to 10% of annual turnover for companies earning more than S$10 million per year. MBS, which reported S$5.43 billion in net revenue in 2023, fell well within that range.
What Steps Has Marina Bay Sands Taken Since the Breach?
After the discovery, Marina Bay Sands said it immediately began an internal review and hired an external cybersecurity firm to investigate the incident. The operator’s parent company, Las Vegas Sands, also pledged to reinforce its global data protection measures.
5BTC or 111% + 111 Free Spins!
New players only. Exclusive 111% Welcome Bonus + 111 Free Spins
In a statement, MBS Chief Operating Officer Paul Town urged affected customers to remain cautious:
“Monitor your account for suspicious activity, change your log-in pin regularly and be extra vigilant against phishing attempts.”
MBS also promised that new measures — including stronger access controls, employee training, and enhanced system monitoring — are now in place to prevent similar incidents.
FAQ
Who was affected by the Marina Bay Sands breach?
Members of the MBS LifeStyle rewards programme had their personal data exposed between March and October 2023.
Was casino or payment data stolen?
No. MBS confirmed that casino loyalty and financial account information were not accessed during the breach.
What caused the incident at Marina Bay Sands?
An internal error during software migration allowed hackers to exploit unsecured configurations and extract customer data.
350% or 5BTC + 150 Spins!
New players only. Exclusive Welcome Bonus of 350% + 150 Free Spins
What action did regulators take?
The PDPC fined MBS S$315,000 for failing to comply with data protection obligations under Singapore law.
The post Marina Bay Sands Fined for Data Breach Affecting 665,000 Customers appeared first on iGaming.org.