Marina Bay Sands data breach highlights need for EDR

A large-scale data breach on the hotel resort highlights the importance of endpoint detection and response (EDR) and businesses having robust cybersecurity

The Singapore-based luxury resort Marina Bay Sands revealed it was hit by a security incident that has exposed the personal data of 665,000 customers.

According to a statement published by the resort, the incident occurred on 19-20th October 2023 and involved unauthorised third-party access to its non-casino customers’ loyalty programme membership data. The leaked data included personally identifiable information consisting of names, email addresses, mobile phone numbers, countries of residence and membership numbers.

This news comes in the wake of reports suggesting that nearly one-third (31%) of hospitality organisations experiencing data breaches, with the average cost of a breach US$3.4m.

Continued high profile attacks suggest greater response systems needed

The incident comes just weeks after hospitality and entertainment giant MGM Resorts also disclosed a very disruptive ransomware attack that will cost the company more than US$110m.

Marina Bay Sands’ attacker gained access to information such as name, email address, phone number, country of residence, and membership details. The company said it had found no evidence that the compromised data would “cause harm to customers.”

Other large corporations continue to be impacted by data breaches and ransomware attacks, with another recent high profile example the Boeing cyberattack which saw huge risk to the organisation’s business supply chains.

Ransomware attacks in particular are on the rise globally, with reports suggesting that they have doubled over the past two years.

Upon discovery of the incident, Marina Bay Sands said that it immediately took action to resolve the problem. Its security notice revealed that subsequent investigations have determined that an unknown third party accessed customer data of its non-casino rewards programme members.

The company stated that it does not believe that membership data from its casino rewards programme, Sands Rewards Club, was affected.

Cyberattacks on businesses: ‘Not a question of if, but when’

After discovering the breach, the company quickly launched an investigation and stated that it has been working with a leading external cybersecurity firm, as well as taking further action to strengthen its systems to protect data.

Companies must be aware that cyberattacks and data breaches of this scale are inevitable as cybercriminals continue to exploit sensitive information. Therefore, enterprises must have appropriate threat detection and response measures in place to better protect themselves and their customers.

Durali Cingit, Cyber Incident Response Consultant at Integrity360, says: “Security incidents for high profile hospitality organisations seem to be on a rise these past few months… These kinds of breaches occur due to threat actors using social engineering to bait the users into giving their credentials or one-time codes to bypass multi-factor authentication.”

Cingit continued: “Resorts like these have guest and internet facing networks that can allow the threat actors to gain access if they are not configured correctly or the latest vendor software updates have not been installed to tackle vulnerabilities. 

“Businesses should thoroughly investigate how the breach occurred and consider implementing an IR team to investigate and identify the source of the breach in order to contain it as quickly as possible. Businesses as big as Marina Bay Sands should have Endpoint Detection and Response (EDR) installed on all endpoints already and an Intrusion detection (IDS) and prevention (IPS) system within their network environment in order to detect and stop potential incidents as it allows for monitoring of traffic on the network to identify any known malicious behaviour.”

******

For more insights into the world of Cyber - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - Technology Magazine | AI Magazine.

Please also check out our upcoming event - Net Zero LIVE on 6 and 7 March 2024.  

******

BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.

Share

Featured Articles

AI-Based Phishing Scams Are On The Rise This Valentine’s Day

Research from Egress Threat Intelligence, Avast, Cequence Security & KnowBe4 outlines how AI is being used in dating app phishing scams on Valentine’s Day

Speaker Lineup Announced for Tech Show London 2024

See Below for a Newly Announced Speaker List for Tech Show London 2024, as it Promises to Showcase Technology Trends Will Impact Various Sectors

Darktrace predicts AI deepfakes and cloud vulnerabilities

Darktrace reveals its top predictions for AI and cybersecurity developments in 2024, which include AI worms, hallucinations and cloud concerns

Secure 2024: AI’s impact on cybersecurity with Integrity360

Technology & AI

IT and OT security with Ilan Barda, CEO of Radiflow

Cyber Security

QR ‘Quishing’ scams: Do you know the risks?

Application Security