Marina Bay Sands Hotel Data Breach commentary from Semperis
The commentary from Sean Deuby, Principal Technologist, Semperis regarding the Marina Bay Sands Hotel data breach.
Today’s disclosure of a data breach involving the Singapore-based Marina Bay Sands hotel and casino, on top of recent attacks on Las Vegas-based MGM and Caesars, has left the entire hotel and casino industry on edge.
The silver lining in this most recent breach is that hackers don’t appear to have walked away with the crown jewels of personally identifiable information such as social security numbers and credit card data. However, by stealing other personal information about Marina Bay Sands’ loyal customers such as email addresses, and mobile phone numbers, there is a high probability that the attackers could conduct other social engineering-based attacks and phishing scams in the weeks ahead or sell the data to the highest bidders on the dark web.
Most data breaches of this nature lead to material losses for the organisation, its employees and customers. While the hotel is still assessing the magnitude of losses, the good news is that Marina Bay has a seasoned security team in place, and they will close any gaps and return the hotel and casino to full capacity as quickly as possible. I’m certain Marina Bay focuses regularly on the resiliency of their systems and run tabletop exercises that enables them to harden critical systems before attacks occur. This strategy helps to reduce losses in times of crisis.
There’s no sugarcoating the fact that when sensitive data is exposed it can be jarring to companies. However, defenders can make their organisations so difficult to compromise that hackers look for lower-hanging fruit in the ecosystem to attack. And with Active Directory environments vulnerable, hackers frequently target these environments, making it imperative that organisations have real-time visibility to changes to elevated network accounts and groups.