Some of Australia's most senior defence figures have been caught up in a data breach after "sophisticated" cyber hackers targeted a five-star hotel in Singapore.
Between May and July this year, customer data was stolen from eight Shangri-La hotels across Asia, including the luxury Singapore venue where Defence Minister Richard Marles held top-level security talks with China shortly after Labor's election win.
In an email sent to guests this week, Shangri-La Group senior vice-president Brian Yu expressed "deep" regret for the incident and assured guests caught up in the breach that "all necessary steps" had been taken to investigate and contain the incident.
"Following the discovery of unauthorised activities on Shangri-La's IT network, we engaged cyber forensic experts to investigate the anomalies," he said.
"The investigation revealed that between May and July 2022, a sophisticated threat actor managed to bypass Shangri-La's IT security monitoring systems undetected, and illegally accessed the guest databases."
According to Mr Yu, the company's investigation confirmed "that certain data files had been exfiltrated from these databases".
"Although we were not able to confirm the content of the exfiltrated data files, it is likely that they contained guest data".
The affected hotels included Shangri-La properties across Singapore, as well as in Hong Kong, Taipei, Chiang Mai and Tokyo.
Databases hit by the hackers are believed to have contained personal details including guest names, email addresses, phone numbers, postal addresses, Shangri-La Circle membership numbers, reservation dates and company names.
Guests caught up in the data breach have been assured that information such as passport numbers, ID numbers, dates of birth and credit card details with expiry dates were adequately encrypted.
In June, Defence Minister Richard Marles, Chief of Defence General Angus Campbell and senior military and departmental officials travelled to Singapore for the annual Shangri-La Dialogue, held in the Singapore hotel bearing the same name.
On the sidelines of the security conference, Mr Marles met with his Chinese counterpart General Wei Fenghe, marking the first high-level contact between the two nations since a diplomatic freeze that began in early 2020.
The Defence Department confirmed it was aware of a data breach affecting Shangri-La hotels and said it was "working with the company to understand the impact on Australian Defence attendees at the Shangri-La Dialogue".
"Defence will work with any impacted personnel to minimise potential risks that could arise from this breach," a Defence spokesperson told the ABC.
