Plugging the credit data breach

Reporter: With the data leak at CIC, what is the biggest risk that people may face, sir?

* Mr. NGO MINH HIEU : Although the CIC incident is serious and there are signs of personal data leakage, information such as passwords, CPC, CPV, credit card numbers, and banking transaction history are not included in the data that CIC collects or displays in the current situation. Therefore, people's transactions and credit card information will not be affected by this incident.

No bank has officially asked customers to lock their accounts or change their passwords or security codes just because of concerns about data leaks. Such requests are just rumors from bad actors impersonating them. The specific scams warned about after this incident according to Ho Chi Minh City Police are impersonating banks, CIC, and state agencies to call, text, and send emails with requests for personal information, notifications of “bad debt,” “account lock,” or luring users into providing passwords, OTP codes, or clicking on malicious links.

In addition, there are tricks such as “CIC debt cancellation”, “card limit increase”, advertising quick loans, credit debt reduction… often targeting students and workers. Or impersonating relatives, leaders, colleagues to gain trust, requesting urgent money transfers. There are even cases of impersonating police, prosecutors, courts, accusing victims of being involved in “money laundering” and then requesting money to be transferred to a “safe account”.

Through the incident, how do you evaluate the hacker group? Are they individuals or professional organizations?

* On September 8, 2025, cyber fraud experts discovered that the ShinyHunters group claimed to have hacked into CIC and stolen more than 160 million data records. This data has not been fully verified to be real from CIC, so we decided not to publish or share it. The data was put up for sale on hacker forums shortly after.

This is one of the largest data breaches ever recorded in Vietnam, affecting a large portion of the population. ShinyHunters is a notorious black hat hacker group that emerged in 2020 with a series of large-scale data breaches. This group operates by extortion after stealing data. They demand ransom, and if the victim does not pay, they will sell or post it on the dark web.

In a short period of time, ShinyHunters has become one of the most talked about groups in the cybersecurity community due to a series of large-scale, continuous attacks. They even ran their own data trading forums (like BreachForums) to sell personal information.

ShinyHunters publicly claimed responsibility and sold the data under the group’s familiar name, providing samples of the data to buyers. The group chose CIC because of its “huge data pool” and the potential for profit from selling the data.

From this data leak incident, what urgent measures need to be taken and what lessons can be applied to Vietnam, sir?

* People need to be absolutely vigilant against calls and messages impersonating banks, CIC or authorities. Do not provide card information, expiration date, password, OTP code to anyone; do not click on links in messages, emails, Zalo..., especially with strange attachments. Do not believe in advertisements for "CIC debt cancellation", "fast and safe loans", regularly monitor transaction history (if there is any abnormality, immediately contact the bank's switchboard or go to the nearest branch).

Urgent measures that relevant units need to take are to prioritize isolating, fixing vulnerabilities, replacing outdated components; reviewing logs, monitoring unusual transactions; considering providing credit monitoring services to people; coordinating with credit institutions to strengthen verification.

The lesson is that every data incident has long-term consequences. It is important to raise public awareness; at the same time, organizations must tighten security, apply multi-factor authentication, strictly manage access rights, and operate secure cloud systems.

Source: https://www.sggp.org.vn/lap-lo-hong-ro-ri-du-lieu-tin-dung-post813020.html