Effects of Recent Data Breach at Eight Shangri-La Hotels in Asia
Ministry of Home AffairsSpeakers
Summary
This question concerns Mr Yip Hon Weng's inquiry regarding the Shangri-La data breach's impact on dignitaries and Singapore's reputation as a conference host. Minister Josephine Teo stated the impact was likely minimal as most dignitaries registered via embassies without providing personal particulars. She noted that the Personal Data Protection Commission is investigating the breach while MINDEF collaborates with organisers to enhance security safeguards. Minister Josephine Teo highlighted that the Personal Data Protection Act requires organisations to implement reasonable measures to protect personal data from unauthorised access. She added that government resources, including cybersecurity toolkits and practice guides, are available to help organisations and enterprise leaders strengthen their digital defences.
Transcript
42 Mr Yip Hon Weng asked the Minister for Communications and Information with regard to the recent data breach at eight Shangri-La hotels in Asia (a) whether the personal data of any foreign dignitaries who attended the 19th Shangri-La Dialogue at the Shangri-La Hotel in Singapore have been compromised; (b) how will this affect Singapore’s reputation as the host of a top-tier security-related conference; and (c) what is Singapore doing to prevent such breaches in such top level events in the future.
Mrs Josephine Teo: On 30 September 2022, the Shangri-La Group announced a data breach of its guests’ information at eight hotels across Chiang Mai, Hong Kong, Singapore, Taipei and Tokyo. The majority of the Shangri-La Hotel guests who attended the 19th Shangri-La Dialogue (SLD), especially dignitaries, registered in groups through their Embassies without submitting their personal details. Some hotel guests provided their personal particulars, and Shangri-La Group has informed them about the data breach. The impact of this breach on SLD is likely to be minimal, but MINDEF is taking further steps with the SLD organiser, the International Institute for Strategic Studies (IISS), and Shangri-La Group to enhance safeguards.
The Personal Data Protection Act requires all organisations to put in place reasonable security measures to protect the personal data in their possession and/or control to prevent unauthorised access, disclosure or modification. The Personal Data Protection Commission (PDPC) is investigating the data breach of guest information at Shangri-La Singapore.
Organisations are responsible for safeguarding their systems and their customers’ personal data. To support organisations, PDPC has published the "Guide to Data Protection Practices for ICT Systems", a compilation of good practices that organisations can implement to enhance data protection. The Cyber Security Agency of Singapore has also developed various resources, including cybersecurity toolkits, to guide enterprise leaders and their employees to strengthen their cyber defences.