Major Data Breach at Vietnam‘s National Credit Information Center
Hanoi, Vietnam – September 12, 2023 – A significant data breach has compromised the National Credit Information Centre (CIC) of Vietnam, potentially exposing the personal information of millions. The breach, attributed to the hacking group ShinyHunters, prompted an immediate investigation launched by law enforcement and data protection regulators.
The Department of Cybersecurity of Vietnam, alongside state-owned technology firms Viettel, VNPT, and NCS, is working to determine the scope of the incident and identify exploited vulnerabilities. Vietnam’s national cyberresponse team has also been activated to implement emergency measures and coordinate the response.
VNCERT, Vietnam’s cybersecurity emergency response team, has warned individuals and organizations against downloading, sharing, or exploiting any leaked data, stating that violations will be prosecuted under Vietnamese law. However, VNCERT acknowledged it cannot prevent misuse of data already circulating online.
The State Bank of Vietnam (SBV) confirmed that CIC is one of four authorized credit information providers in the country. While the compromised data does not include sensitive financial details like bank account numbers, balances, or credit/debit card information, other Personally Identifiable Information (PII) – including contact information and payment identifiers – is believed to be affected and could be exploited by fraudsters.
The SBV affirmed that commercial banks’ IT systems remain secure and stable,and that financial institutions are regularly directed to strengthen security measures and protect customer rights.
Investment bank JPMorgan cautioned investors on Friday that the breach could increase cybersecurity costs for banks and potentially impact deposit flows, but maintained a recommendation to remain invested in Vietnamese banks “barring a widespread impact or further incidents.”
