Vietnam Probes Breach at National Credit Information Center, ShinyHunters Suspected
Published
- VNCERT-confirmed breach: Vietnam’s Cyber Emergency Response Center confirmed the country’s National Credit Information Center was breached.
- Why it matters: Managed by the State Bank of Vietnam, the CIC stores sensitive financial information allegedly seen by ShinyHunters.
- What may have been affected: Information like personal details, credit payment histories, and risk analysis data could be exposed.
Vietnamese authorities are investigating a significant cyberattack targeting the National Credit Information Center (CIC), a critical unit managed by the State Bank of Vietnam. The incident has raised serious concerns about financial data security within the country.
Details of the Vietnam Credit Data Breach
The CIC, which stores sensitive financial information including personal details, credit payment histories, and risk analysis data, was subjected to an attack aimed at exfiltrating personal data.Â
"Initial investigation indicated signs of unauthorized access aimed at stealing personal data," the Vietnam Cyber Emergency Response Center (VNCERT) said in a statement late on Thursday, cited by Reuters.
In a letter to financial institutions, the CIC stated that the attack has not disrupted its operational systems, which remain fully functional. Vietnam's cybersecurity agency announced that the full extent of the data breach is still under assessment.
The national cyberresponse team is taking emergency measures to deal with the incident, the government said on its website. Reports say the CIC doesn't store critical data like banks credit card number or OTP or passwords.
Suspected Involvement of ShinyHunters
The CIC suspects the Shiny Hunters cyberattack group is behind the breach, Reuters reported. This international hacker collective is notorious for targeting major global corporations and government databases to steal and sell sensitive information.Â
The group's suspected involvement elevates the severity of the incident, signaling a sophisticated and targeted operation against Vietnam's financial infrastructure. While authorities have not officially confirmed the number of affected accounts, the potential for a large-scale data leak is significant.Â
This event underscores the growing threat of sophisticated cyber adversaries targeting national-level data repositories.Â
This month, alleged Scattered Spider, LapSus, and ShinyHunters members threatened Google with a breach unless Austin Larsen (Principal Threat Analyst with TIG) and Charles Carmakal (Chief Technology Officer at Mandiant) were fired. The same collective claimed responsibility for the Allianz Life data breach.
Implications for Vietnam Cybersecurity Measures
The National Credit Information Center hack highlights the increasing data leakage problem in Vietnam. According to a 2024 report from a state-owned telecommunications firm, leaked accounts in the country surged, representing a substantial portion of the global total.Â
Investment bank JPMorgan said in a note to investors to stay invested in Vietnamese banks, noting that it could mean higher cybersecurity costs for banks and a potential risk to deposit flows.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular