Cybercriminals steal 160 million records from Vietnamese financial system, exposing entire population

Published: 15 September 2025
Vietnam’s National Credit Information Center (CIC) data breach
Image by Cybernews.

Cybercriminals attacked Vietnam’s financial system and are selling over 160 million records of sensitive financial data.

The cybercrime gang ShinyHunters claims to have exfiltrated highly sensitive financial data records from Vietnam’s National Credit Information Center (CIC), one of the country's four licensed credit information service providers.

Vietnam’s central bank confirmed the data breach at the institution and ordered CIC to collaborate with authorities on an investigation.

ADVERTISEMENT

The cybercriminals are currently selling 160 million records of data belonging to citizens in a country with a population of around 102 million. This indicates that the dataset potentially includes historical or multiple records per individual. The “negotiable price” for the data is $175,000.

“This data contains very sensitive information, including general PII, credit payment, risk analysis, credit cards (require your own deciphering of the FDE algorithm), military IDs, government IDs, tax IDs, income statements, debts owed, and more,” the cybercriminals claim on an illicit forum.

Has my data been leaked?
Check Now

However, Vietnam’s State Bank says that CIC and other providers don’t gather data on bank accounts, balances, savings, payment accounts, debit or credit card numbers, CVV/CVC codes, or transaction histories.

ReSecurity, a cybersecurity firm that often takes a proactive approach to investigating cybercrime, contacted the cybercriminals. They claimed to have exploited a known but unpatched vulnerability in the CIC's end-of-life software.

ShinyHunters did not even attempt to extort the CIC or the Vietnamese government, as it was unlikely to get a payment.

What data was exposed?

Pretending to be a potential purchaser, ReSecurity researchers were able to acquire samples of stolen data. It included timestamps from this year, and the most recent records were dated February 2025.

ADVERTISEMENT

“Multiple records include references to the leading financial institutions in Vietnam, including, but not limited to VietCredit, MB Bank, Ocean Bank, VPBank, Sacombank (Saigon Thuong Tin Commercial Joint Stock Bank), Agribank (Vietnam Bank for Agriculture and Rural Development),” ReSecurity researchers detail in the report.

The stolen data reportedly includes the following:

  • Full names and detailed personally identifiable information, including dates of birth, emails, and phone numbers
  • Credit payment histories, records describing balances, and their latest updates
  • Income statements, debts, contact and employment information, and banking details
  • Credit card information (some encrypted)
  • Military, government, and tax IDs
  • Risk analysis data

According to local media reports, the breach has sent shockwaves through the country’s financial system. Authorities did not disclose how many accounts might have been affected by the breach.

“ReSecurity has reached out to over 100 victims randomly selected from the acquired data set for comments via email. While the data was confirmed to be authentic, its source remains unclear,” the researchers said.

None of the victims had received any notifications about their data being exposed.

CIC is a government-owned centralized credit information repository that plays a critical role in Vietnam’s financial system. This role makes it an attractive target for attackers.

Niamh Ancell BW vilius jurgita Gintaras Radauskas
Stay informed and get our latest stories on Google News
Google News Follow us

“Breaching it exposed a single point of failure affecting nearly the entire population,” the researchers said.

The hacker’s post on the illicit forum claims that the full datasets exceed 2.6 billion lines among many categories.

ADVERTISEMENT

ShinyHunters is notorious for many high-profile breaches in the past. Recently, the group operated in the “ShinyHunters-Lapsus-ScatteredSpider” conglomerate, which announced the decision to end operations last week. The trio has stopped posting on their Telegram channel, but their illicit marketplace appears to remain active.

Many criminal uses for the data

Cybersecurity researchers warn that financial data is extremely valuable to criminals. On the dark web, stolen credit data can usually be sold for $10-$100 per single profile, while government IDs can be sold for hundreds of dollars each.

“Cybersecurity professionals consider breaches of national credit bureaus to be ‘worst-case scenarios' due to the sensitivity and centrality of the data involved,” ReSecurity warns.

“The CIC breach stands out for its scale and the critical role of the institution in the national financial infrastructure in Vietnam.”

Vietnam
Image by TBone Lee / Shutterstock

Citizens in Vietnam should be aware of potential phishing, social engineering, and identity theft attacks, as well as cybercriminals attempting to impersonate individuals and businesses. Nation-state actors are also likely to use this data for espionage or intelligence gathering on their targets of interest.

The authorities in Vietnam are urging citizens and organizations to refrain from downloading, sharing, or exploiting the leaked data. They warn that violators will face legal fines and to stay vigilant to avoid falling prey to fraud or malware schemes.

The central bank also warned institutions that “unauthorised collection, processing, use, or distribution of credit information will be subject to strict penalties under Vietnamese law.”

ADVERTISEMENT

Unlock more exclusive Cybernews content on YouTube.

Share
Post
Share
Share
Share
More from Cybernews
Companies using Fable 5 beware: it’s collecting your data, and there are no exceptions
World’s leading mathematicians ridicule AI hype in high-IQ declaration
Democrats are far more worried than Republicans that AI will take jobs, new poll finds
Europe’s tech revolution feels like Soviet déjà vu
New York demands advertisers use “synthetic performer” label or else
The surprising way Elon Musk is powering your next holiday flight
ADVERTISEMENT