Banks warn against being exploited and scammed after cyber security incident at CIC

Late on September 12, regarding the cyber security incident at the Vietnam National Credit Information Center (CIC) just announced by the Vietnam Cyberspace Emergency Response Center (VNCERT), with initial results showing signs of personal data breach, a number of commercial banks and payment intermediaries have sent warnings to customers.

According to VPBank , the data reported to CIC by banks in the system is in compliance with the regulations of the State Bank. The following information is completely confidential in VPBank's data system and is not included in the CIC reporting data system, including information about electronic banking system login data including: username, password, personal biometric information.

Information about data related to debit and credit cards, including: the 16-digit sequence printed on the front of the card, the CVV/CVC code printed on the back of the card, is also not reported to CIC.

Customer assets and transactions at VPBank are secured through multiple layers such as biometric authentication, OTP authentication and SmartOTP (two types of codes generated by the system during the authentication process, with no stored information and no possibility of disclosure except in the case where the user directly provides this code to another person or the user's device is hijacked).

Be vigilant to avoid being spread malware and scams.

Therefore, banks recommend that customers should consult information from official sources to avoid confusion and being taken advantage of by organizations and individuals who are not/are not related to financial and banking operations.

"With this cyber security incident, criminals cannot directly appropriate assets but can take advantage of leaked information to spread malware, build fraud scenarios and appropriate assets. Customers need to constantly raise their vigilance against increasingly sophisticated forms of fraud by criminals and absolutely do not install applications from unofficial sources and do not provide OTP/SmartOTP codes to anyone, including those claiming to be bank employees" - VPBank representative advised.

Ngân hàng cảnh báo tránh bị lợi dụng, lừa đảo sau sự cố an ninh mạng tại CIC- Ảnh 2. — Information on electronic banking login data, debit cards, credit cards... are not entered into the reporting data system at CIC.

In response to information about a serious information security incident occurring at CIC, 9Pay Joint Stock Company affirmed that customer data and 9Pay's system were completely unaffected by the above incident.

According to VNCERT's confirmation, this incident is a cyber attack with signs of crime, appropriating personal data, and is considered one of the most serious data breaches in Vietnam to date.

"9Pay affirms that it does not share or transmit any company or customer data to CIC. All personal information, card information and transaction data of customers using 9Pay services are not affected by this incident" - the announcement of this digital payment platform clearly stated.

The State Bank said it had received a report from CIC about the incident related to credit information here, and promptly directed CIC to urgently report and closely coordinate with competent state agencies to verify and handle it. At the same time, it ensured that CIC's operations were continuous and smooth.

Currently, functional agencies such as the Department of Cyber Security and High-Tech Crime Prevention (A05) are urgently coordinating with enterprises providing network information security services and functional units of the State Bank to synchronously deploy technical and professional measures to respond, verify and ensure network security.

Source: https://nld.com.vn/ngan-hang-canh-bao-tranh-bi-loi-dung-lua-dao-sau-su-co-an-ninh-mang-tai-cic-196250912175510444.htm