A major cyberattack targeting Vietnam’s National Credit Information Center (CIC) has raised concerns about financial data security, with authorities confirming signs of unauthorized access aimed at stealing sensitive personal information.
The CIC, which operates under the State Bank of Vietnam, manages a vast database containing individuals’ credit scores, payment history, risk ratings, and other private financial details. The full impact of the breach is still being assessed.
International hacker group suspected
According to Vietnam’s national cybersecurity agency, the breach appeared to be a deliberate attempt to exfiltrate personal data. A letter sent by CIC to financial institutions, dated September 11, suggested that the attack may have been orchestrated by the hacker group Shiny Hunters. The group is infamous for breaching high-profile organizations including Microsoft, Google, and Qantas.
Despite the breach, CIC stated that its credit information systems remain operational and that no immediate damage to infrastructure has occurred. However, officials have not disclosed the number of affected users or the method used to gain access.
Rising risks for Southeast Asia’s financial sector
The incident adds to growing cybersecurity concerns in Southeast Asia’s financial services sector. In a 2024 report, telecom giant Viettel highlighted that Vietnam accounted for 12% of global data leaks, with 14.5 million compromised accounts — a significant rise in breaches over previous years.
The lack of immediate disruption may provide temporary relief, but experts suggest the reputational damage and financial fallout could be substantial if the breach impacts deposit flows or loan processing timelines.
Financial implications and future impact
In a note to investors, JPMorgan warned that the breach could result in increased cybersecurity costs for banks and introduce risk to the broader financial ecosystem in Vietnam. However, the firm maintained a positive investment outlook on Vietnamese banks unless further incidents emerge.
Vietnam’s central bank has yet to issue an official statement on the incident. Meanwhile, the investigation into the full scope and intent of the cyberattack continues.
