A data bank containing details including names, telephone numbers and email addresses for 665,000 shoppers at the Marina Bay Sands (MBS) casino resort (pictured) was last month breached and accessed by an ‘unauthorised third party’, a spokesperson from Marina Bay Sands confirmed to GGRAsia.

The person said the company did “not have evidence to date that the unauthorised third party has misused the data to cause harm to customers”.

The story had first been reported by local news outlet Today, citing an email to customers from Paul Town, the property’s chief operating officer.

A Marina Bay Sands spokesperson told GGRAsia in response to our enquiry: “Marina Bay Sands became aware of a data security incident on 20 October 2023 involving unauthorised access on 19 and 20 October 2023 to some of our customers’ loyalty programme membership data.”

“Upon discovery of the incident, our teams immediately took action to resolve it. Investigations have since determined that an unknown third party accessed customer data of about 665,000 non-casino rewards programme members,” the statement added. “We do not believe that membership data from our casino rewards programme was affected.”

The statement added: “After learning of the issue, we quickly launched an investigation, have been working with a leading external cybersecurity firm, and have taken action to further strengthen our systems and protect data.”

The relevant personal data that was affected, where applicable, involved, said the group: email address; mobile telephone number; any other phone number; country of residence; membership number, and membership tier.

“We will be reaching out to Sands LifeStyle loyalty programme members and sincerely apologise for the inconvenience caused by this incident. We have reported it to the relevant authorities in Singapore and other countries where applicable and are working with them in their inquiries into the issue,” added the statement.

The Today news outlet cited property COO Mr Town as reiterating in his letter to customers advice for people to monitor accounts for any signs of suspicious activity and to change “login pin” regularly, and to be especially vigilant against so-called ‘phishing’ attempts.

In particular, customers should beware of links that might direct them to malicious websites where a password or other personal information might be requested, he added.