Vietnam is investigating a cyberattack on its national credit database, an incident that has triggered concerns over the safety of sensitive financial information in one of Asia’s fastest-growing banking markets. The breach, revealed by the country’s cybersecurity agency and detailed in a letter circulated to lenders, targeted the National Credit Information Centre (CIC), which operates under the State Bank of Vietnam.
The CIC plays a pivotal role in Vietnam’s financial system, maintaining detailed records of borrowers’ personal data, credit card usage, payment history, and risk assessments. According to officials, preliminary findings point to unauthorized access designed to steal personal data, though the scale of the compromise remains under assessment.
FCRF Academy Invites Legal Experts to Shape India’s First Comprehensive Cyber Law Certification
Signs Point to International Actors
In a letter dated September 11 and seen by financial institutions, the CIC suggested that the attack may have been orchestrated by Shiny Hunters, a hacker collective known for breaching multinational corporations, including Google, Microsoft, and Qantas. The group, active since at least 2020, has been linked to large-scale data theft and the sale of stolen credentials on dark web marketplaces.
Vietnamese authorities stressed that the incident had not disrupted the country’s credit information service, which remains operational. “The incident has not disrupted operations or caused any damage, and the credit information service system remains fully functional,” the CIC stated. However, cybersecurity experts caution that the theft of credit data, even without immediate service interruption, can have long-lasting implications for financial security and consumer trust.
Growing Cybersecurity Concerns in Vietnam
The breach comes against a backdrop of rising digital vulnerabilities in Vietnam. A 2024 report from military-run telecommunications firm Viettel highlighted that data leakage in the country surged to 14.5 million accounts last year, accounting for 12 per cent of the global total. Analysts say this trend underscores the challenges Vietnam faces in strengthening its digital defences while expanding financial inclusion and digital banking.
Investment bank JPMorgan, in a note to clients on Friday, warned that the incident could increase operational costs for banks as they are compelled to reinforce cybersecurity infrastructure. It also identified potential risks to deposit flows if consumer confidence weakens. Still, the bank maintained its outlook on Vietnamese lenders, noting the absence of widespread disruption.
The State Bank of Vietnam has not issued a public statement, and Shiny Hunters could not be reached for comment. For now, the scope of the attack remains uncertain, but its implications stretch well beyond Vietnam’s borders, signalling the continuing reach of global cybercriminal networks into emerging economies.