Reporter: With the data leak at CIC, what is the biggest risk people might face, sir?
* Mr. NGO MINH HIEU : Although the CIC incident is serious and shows signs of personal data leakage, information such as passwords, CPC, CPV, credit card numbers, and bank transaction history are not included in the data that CIC collects or displays under the current circumstances. Therefore, people's transactions and credit card information will not be affected by this incident.

No bank officially requires customers to lock their accounts or change their passwords or security codes due to concerns about data breaches. Such requests are merely rumors spread by malicious actors impersonating banks. The specific scams warned about after this incident, according to the Ho Chi Minh City Police, involve impersonating banks, CIC (Credit Information Center), or government agencies to make phone calls, send text messages, or emails requesting personal information, notifying users of "bad debt," "account lockout," or tricking them into providing passwords, OTP codes, or clicking on malicious links.
In addition, there are scams such as "clearing CIC debt," "increasing credit card limits," advertising quick loans, and reducing credit card debt... often targeting students and workers. Scammers may also impersonate relatives, superiors, or colleagues to gain trust and request urgent money transfers. There are even cases of impersonating police, prosecutors, or judges, accusing victims of "money laundering" and then demanding money be transferred to a "secure account."
Following this incident, what is your assessment of the hacker group? Were they professional individuals or organizations?
* On September 8, 2025, anti-fraud experts discovered that the ShinyHunters group claimed to have hacked the CIC (Credit Information Center), stealing over 160 million data records. The authenticity of this data from CIC has not been fully verified, so we decided not to publish or share it. The data was subsequently offered for sale on hacker forums.
This is one of the largest data breaches ever recorded in Vietnam, affecting a significant portion of the population. ShinyHunters is a notorious black hat hacker group that emerged in 2020 with a series of large-scale data breaches. The group operates by extorting money after stealing data. They demand ransom, and if victims fail to pay, they sell the stolen data or release it on the dark web.
In a short period of time, ShinyHunters became one of the most talked-about groups in the cybersecurity community due to their relentless, large-scale attacks. They even ran their own data trading forum (like BreachForums) to sell personal information.
ShinyHunters publicly claimed responsibility and offered data for sale under their familiar group name, providing data samples to buyers. The group chose CIC because of its "massive data repository" and the potential for profit from selling the data.
Following this data leak, what urgent measures need to be taken, and what lessons can be applied to Vietnam, sir?
* People need to be extremely vigilant against fake calls and messages impersonating banks, CIC (Credit Information Center), or authorities. Do not provide card information, expiration dates, passwords, or OTP codes to anyone; do not click on links in messages, emails, Zalo, etc., especially those with suspicious attachments. Do not trust advertisements promising "CIC debt removal" or "quick and safe loans," and regularly monitor your transaction history (if there are any irregularities, contact the bank's hotline or the nearest branch immediately).
Urgent measures that relevant units need to take include prioritizing isolation, fixing vulnerabilities, and replacing outdated components; reviewing logs and monitoring unusual transactions; considering providing credit monitoring services to the public; and coordinating with credit institutions to strengthen verification.
The lesson learned is that every data breach leaves long-lasting consequences. It's crucial to raise public awareness; at the same time, organizations must tighten security, implement multi-factor authentication, tightly manage access rights, and operate secure cloud systems.
Source: https://www.sggp.org.vn/lap-lo-hong-ro-ri-du-lieu-tin-dung-post813020.html










