On 30 September 2022, the Shangri-La Group announced a data breach of its guests’ information at eight hotels across Chiang Mai, Hong Kong, Singapore, Taipei and Tokyo. The majority of the Shangri-La Hotel guests who attended the 19th Shangri-La Dialogue (SLD), especially dignitaries, registered in groups through their Embassies without submitting their personal details. Some hotel guests provided their personal particulars, and Shangri-La Group has informed them about the data breach. The impact of this breach on SLD is likely to be minimal, but MINDEF is taking further steps with the SLD organiser, the International Institute for Strategic Studies (IISS), and Shangri-La Group to enhance safeguards.
The Personal Data Protection Act (PDPA) requires all organisations to put in place reasonable security measures to protect the personal data in their possession and/or control, to prevent unauthorised access, disclosure or modification. The Personal Data Protection Commission (PDPC) is investigating the data breach of guest information at Shangri-La Singapore.
Organisations are responsible for safeguarding their systems and their customers’ personal data. To support organisations, PDPC has published the "Guide to Data Protection Practices for ICT Systems", a compilation of good practices that organisations can implement to enhance data protection. The Cyber Security Agency of Singapore (CSA) has also developed various resources, including cybersecurity toolkits, to guide enterprise leaders and their employees to strengthen their cyber defences.