MCI Response to PQ on Recent Data Breach at Eight ShangriLa Hotels in Asia

07 NOV 2022

Parliament Sitting on 7 November 2022

QUESTION FOR WRITTEN ANSWER

42.Mr Yip Hon Weng: To ask the Minister for Communications and Information with regard to the recent data breach at eight Shangri-La hotels in Asia (a) whether any foreign dignitaries’ personal data who attended the 19th Shangri-La Dialogue at the Shangri-La Hotel in Singapore have been compromised; (b) how will this affect Singapore’s reputation as the host of a top tier security-related conference; and (c) what is Singapore doing to prevent such breaches in such top level events in the future.

Answer:

  1. On 30 September 2022, the Shangri-La Group announced a data breach of its guests’ information at eight hotels across Chiang Mai, Hong Kong, Singapore, Taipei and Tokyo. The majority of the Shangri-La Hotel guests who attended the 19th Shangri-La Dialogue (SLD), especially dignitaries, registered in groups through their Embassies without submitting their personal details. Some hotel guests provided their personal particulars, and Shangri-La Group has informed them about the data breach. The impact of this breach on SLD is likely to be minimal, but MINDEF is taking further steps with the SLD organiser, the International Institute for Strategic Studies (IISS), and Shangri-La Group to enhance safeguards.

  2. The Personal Data Protection Act (PDPA) requires all organisations to put in place reasonable security measures to protect the personal data in their possession and/or control, to prevent unauthorised access, disclosure or modification. The Personal Data Protection Commission (PDPC) is investigating the data breach of guest information at Shangri-La Singapore.

  3. Organisations are responsible for safeguarding their systems and their customers’ personal data. To support organisations, PDPC has published the “Guide to Data Protection Practices for ICT Systems”, a compilation of good practices that organisations can implement to enhance data protection. The Cyber Security Agency of Singapore (CSA) has also developed various resources, including cybersecurity toolkits, to guide enterprise leaders and their employees to strengthen their cyber defences.