Preventing personal data breaches

Online fraud causes losses exceeding 6 trillion VND.

The National Cybersecurity Association predicts that 2025 will mark a significant shift in Vietnam's cybersecurity landscape, with the number of online fraud victims recording a decrease for the first time in many years. However, the Association warns that online fraud remains extremely complex, and users need to continue to be vigilant. Fraudsters are applying new technologies and even experimenting with new methods and techniques to circumvent anti-fraud measures; the risk to users remains ever-present in cyberspace.

Statistics from the Cyber ​​Security and High-Tech Crime Prevention Department of the Ministry of Public Security show that in the first six months of 2025, authorities detected and handled 56 cases related to the illegal trading of personal data, involving more than 110 million data records that were illegally collected and traded. This situation stems from the genuine need to collect personal data to serve production and business activities.

According to the Ministry of Public Security, in the first 11 months of 2025, losses due to online fraud remained very high, estimated at over 6 trillion VND. One of the reasons for the increase and complexity of online fraud is the excessive and easy leakage of users' personal data.

According to data from Kaspersky Security Group, in 2025, they detected and blocked over 117 million clicks on phishing links (online scams that impersonate websites, emails, or familiar services to trick users into providing their information). Kaspersky's analysis shows that 88.5% of phishing attacks targeted online account login information, 9.5% focused on personal data such as names, addresses, and dates of birth, and 2% directly targeted bank card information. After being stolen, this data is fed into specialized automated systems, allowing criminals to manage and process massive amounts of data for various purposes.

“ The Government’s issuance of Decree No. 13/2023/ND-CP dated April 17, 2024, on the protection of personal data, followed by the Law on Personal Data Protection (effective from January 1, 2026), is a step demonstrating the strong commitment of the Vietnamese State in building a safe digital environment and ensuring human rights in cyberspace,” emphasized Colonel Nguyen Hong Quan, Deputy Director of the Cyber ​​Security and High-Tech Crime Prevention Department, Ministry of Public Security .

Data - a weapon of cyberattack

According to Kaspersky cybersecurity expert Olga Altukhova, "Stolen data is not simply a disposable commodity, but is gradually becoming a powerful weapon used by cybercriminals for the long term. Attackers leverage publicly available data on the internet, combined with previously leaked information, to build sophisticated and highly personalized phishing scenarios. From this, victims not only lose data but also become long-term targets of extortion, financial fraud, or identity theft."

Cybercriminals often assemble stolen data into large, authenticated batches for sale. On dark web forums, these data batches are typically offered for sale in bulk at prices as low as $50 or less; however, higher-value accounts fetch higher prices. For example, the average price is $105 for cryptocurrency-related accounts, around $350 for bank accounts, about $82.50 for e-government portal accounts, and around $15 for personal documents (ID cards, passports, etc.).

Before transactions, stolen data is thoroughly checked using automated scripts to verify whether the information is still usable on the services. It is then compiled into complete "digital dossiers," significantly increasing the data's value. These dossiers are then used in targeted attacks, typically whaling, a scam targeting individuals with high positions or significant assets.

Colonel Nguyen Hong Quan, Deputy Director of the Cyber ​​Security and High-Tech Crime Prevention Department, Ministry of Public Security, stated that the right to protection of personal data, previously understood as part of the right to privacy, has now become an independent right, recognized and protected by law.

According to Colonel Nguyen Hong Quan, approximately 80% of the world's population currently lives in areas with regulations on personal data protection, and Vietnam is no exception. Raising public awareness and digital skills, along with improving the legal framework and capacity for personal data protection, will continue to be key factors in minimizing cybersecurity risks in the future.

Mr. Vu Ngoc Son, Head of Technology Department, National Cybersecurity Association: Urging the verification of data.

The Law on Personal Data Protection has created a complete and comprehensive legal framework, facilitating state management agencies to implement tasks and solutions to best and safely protect the personal data of users, agencies, organizations, and businesses.

Most recently, Directive No. 57-CT/TW of the Party Central Committee on strengthening cybersecurity, information security, and data security in the political system has required the deployment of a national cyberspace identification and authentication system; unifying the identification of citizens, social media users, telecommunications subscribers, and internet resources (domain names, IP addresses, etc.), further affirming the important role of data. This directive also carries a very high level of guidance: relevant agencies must expedite data authentication.

Current realities show that regulations on data authentication already exist in various fields, so it is necessary to implement synchronized authentication across different sectors and fields. In particular, the implementation of a cyber identity and authentication system as per Directive No. 57-CT/TW is considered timely and necessary, helping to limit fake accounts, fake news, online fraud, and enhance the responsibility of each individual when speaking on social media. This regulation is extremely necessary and contributes to the healthy development of society.

Mr. Nguyen Phu Dung, General Director of PILA Group Joint Stock Company: Data authentication via NDAKey is a secure solution.

In addition to existing data authentication solutions in various fields, NDAKey is positioned as an autonomous identity management solution, aiming to implement the principles of the Personal Data Protection Law right from the system architecture. Built on the national blockchain platform (NDAChain), NDAKey allows for transparent recording and verification of authentication transactions, while identity data exists as digital certificates and is managed by the users themselves. Based on this, all data collection, use, or sharing activities are linked to the explicit consent of the data subject for each specific purpose, facilitating verification, tracing, and accountability when necessary without the formation of centralized data repositories.

NDAKey is an essential identity management solution, suitable not only for individuals and management agencies but also for the entire digital ecosystem. Furthermore, this model empowers citizens to control their data, meaning they decide which data is shared, with whom, and under what circumstances. This aligns with the spirit of the Personal Data Protection Law 2025, where all data processing activities must be based on the explicit and transparent consent of the data subject…

Source: https://www.sggp.org.vn/chong-xam-pham-du-lieu-ca-nhan-post836255.html