Around 665,000 Marina Bay Sands (MBS) LifeStyle reward members had their data accessed by an "unknown third party" last month.
The breach occurred on Oct. 19 and 20, but affected members were only informed via email on Nov. 7 at around 9am.
MBS 'immediately took action' to resolve incident
MBS told Mothership that the compromised personal data of non-casino members included information such as names, email addresses, mobile numbers, phone numbers, countries of residence, as well as membership numbers and tiers.
The "data security incident" was attributed to an "unknown third party", said MBS Chief Operating Officer Paul Town in the email to members.
Town said in the email that the resort was first aware of the "data security incident" on Oct. 20, and "immediately took action to resolve it".
He assured members that their personal data was "not affected".
"Based on our investigation, we do not have evidence to date that the unauthorised third party has misused the data to cause harm to customers," Town wrote in the email.
He also clarified, "We do not believe that membership data from our casino rewards programme, Sands Rewards Club, was affected."
However, it should be noted that MBS informed its affected members almost three weeks after it was made aware of the unauthorised data access.
Although the data was not compromised in this case, an unauthorised data access still constitutes a data breach if it results in significant harm to the affected individual or affects more than 500 people.
Mothership has asked MBS why it took three weeks to notify affected customers of the breach.
What you can do to safeguard your MBS account
Members are advised to monitor their account for suspicious activity and change their log-in pin regularly .
If you are one of the affected members, you are also encouraged to exercise more caution against phishing attempts, especially when clicking on links that may lead to potentially malicious websites requesting your password or other personal information.
MBS has reported the incident to the relevant authorities in Singapore and other countries where customer data was affected, and continue to cooperate with them.
Organizations found in violation of the Personal Data Protection Act can face financial penalties, either 10 per cent of their annual turnover in Singapore or S$1 million, whichever is higher, in the event of a data breach.
Mothership has reached out to MBS for further comment.
Top image from Pixabay.