MBS Data Breach: Government Addresses Delayed Notification and PDPA Guidelines

The recent breach affecting 665,000 Marina Bay Sands (MBS) LifeStyle reward members, disclosed by MBS on Nov. 7, 2023, drew attention during a parliamentary sitting on Nov. 22. Minister for Communications and Information Josephine Teo addressed queries about the breach, emphasizing adherence to guidelines outlined in the Personal Data Protection Act (PDPA).

MP Hany Soh raised concerns about the delayed notification and whether authorities were informed promptly. Minister Teo clarified that MBS discovered the breach on Oct. 20 and duly notified the Personal Data Protection Commission (PDPC) by Oct. 24, aligning with the PDPA guidelines’ stipulated timeline for reporting.

Explaining the rationale behind delayed notifications, Teo highlighted steps organizations must take post-breach, prioritizing containment, assessment, and securing systems before reporting. PDPC investigations into the MBS breach aim to determine potential harm to affected individuals and the timeliness of notifications.

Addressing assistance to affected members, Teo disclosed that two individuals have approached PDPC seeking accountability from MBS, indicating PDPC’s intent to act accordingly. MBS, upon notifying members, detailed the compromised data, offering guidance on account security and safeguarding personal information.

Regarding organizations managing extensive data, Teo emphasized existing obligations for robust data protection, especially concerning sensitive data like medical and financial records. PDPC mandates enhanced protection practices for entities handling large volumes of sensitive personal information, with penalties tied to inadequate safeguards for such data.

- Advertisment -ad

Most Popular