The National Credit Information Center (CIC), managed by Vietnam’s State Bank, suffered a severe cyberattack executed by the Scattered Spider hacking group and its affiliate ShinyHunters. The attackers exploited a vulnerability in end-of-life software to infiltrate the system, stealing approximately 160 million records containing highly sensitive personal and financial data. The compromised information includes names, addresses, credit card histories, government IDs, income statements, and debt records of Vietnamese citizens and businesses. The stolen data was offered for sale on a cybercriminal forum, with samples publicly shared to validate its authenticity. While no ransom was demanded, the breach poses critical risks to financial security, identity theft, and fraud across Vietnam’s banking sector. The Cyber Emergency Response Team (VNCERT) is investigating the incident in collaboration with state-owned telecom Viettel and other agencies, though the full extent of the damage remains unclear. Authorities have warned citizens against downloading or sharing the leaked data, threatening legal action against violators. The attack underscores vulnerabilities in government-managed financial infrastructure and raises concerns about the long-term reputational and economic impact on Vietnam’s credit system, given the scale and sensitivity of the exposed data.
Source: https://therecord.media/vietnam-cic-panama-finance-ministry-cyberattacks
TPRM report: https://www.rankiteo.com/company/credit-information-corporation
"id": "cre5542555100325",
"linkid": "credit-information-corporation",
"type": "Cyber Attack",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '~160 million records (citizens '
'and businesses)',
'industry': 'Financial Services',
'location': 'Vietnam',
'name': 'National Credit Information Center (CIC)',
'type': 'Government Agency'},
{'industry': 'Public Administration',
'location': 'Panama',
'name': 'Ministry of Economy and Finance (MEF)',
'type': 'Government Ministry'}],
'attack_vector': [{'panama': 'Malicious software (ransomware by INC gang)',
'vietnam': 'Exploited vulnerability in end-of-life '
'software (unspecified)'}],
'data_breach': {'data_encryption': {'panama': 'Likely (ransomware attack)',
'vietnam': None},
'data_exfiltration': {'panama': 'Confirmed (1.5 TB claimed by '
'INC gang)',
'vietnam': 'Confirmed (data offered for '
'sale on forums)'},
'number_of_records_exposed': {'panama': None,
'vietnam': '~160 million'},
'personally_identifiable_information': {'panama': None,
'vietnam': 'Yes '
'(names, '
'addresses, '
'government '
'IDs)'},
'sensitivity_of_data': {'panama': 'Moderate to High '
'(government '
'budgets/emails)',
'vietnam': 'High (PII + financial '
'data)'},
'type_of_data_compromised': {'panama': ['Government documents '
'(budgets, emails)'],
'vietnam': ['Personally '
'Identifiable '
'Information (PII)',
'Financial data '
'(credit card '
'history, income, '
'debts)',
'Government IDs']}},
'date_detected': {'panama': '2023-11-XX (detected on Tuesday of the '
'disclosure week)',
'vietnam': '2023-11-XX (exact date unspecified, disclosed '
'this week)'},
'date_publicly_disclosed': '2023-11-XX (this week)',
'description': 'Hackers stole data from government organizations in Vietnam '
'(National Credit Information Center, CIC) and Panama '
'(Ministry of Economy and Finance, MEF) in separate cyber '
'incidents disclosed this week. In Vietnam, the Scattered '
'Spider and ShinyHunters groups exploited an end-of-life '
'software vulnerability to steal ~160 million records, '
'including personal, financial, and credit data. In Panama, '
'the INC ransomware gang claimed to have exfiltrated 1.5 TB of '
'data, including budgets and emails. Both incidents are under '
'investigation, with Vietnam’s VNCERT coordinating with '
'agencies and telecom provider Viettel, while Panama’s MEF '
'activated security protocols to contain the intrusion.',
'impact': {'brand_reputation_impact': {'panama': 'Moderate (public disclosure '
'of breach)',
'vietnam': 'High (government warning '
'against sharing stolen '
'data; legal threats '
'issued)'},
'data_compromised': {'panama': ['1.5 TB of data (budgets, emails, '
'unspecified documents)'],
'vietnam': ['Personal data (names, addresses, '
'credit card history, government '
'IDs, income statements, debts)',
'~160 million records']},
'downtime': {'panama': 'Minimal (central platforms remained '
'operational)',
'vietnam': None},
'identity_theft_risk': {'panama': None,
'vietnam': 'High (PII and financial data '
'exposed)'},
'legal_liabilities': {'panama': None,
'vietnam': 'Potential legal charges for '
'downloading/sharing stolen data'},
'operational_impact': {'panama': 'Security protocols activated; '
'preventive measures reinforced',
'vietnam': 'Ongoing investigation; data '
'leakage containment in '
'progress'},
'payment_information_risk': {'panama': None,
'vietnam': 'High (credit card history '
'exposed)'},
'systems_affected': {'panama': ['One office of the Ministry of '
'Economy and Finance (MEF); '
'central platforms *not* '
'compromised'],
'vietnam': ['National Credit Information '
'Center (CIC) systems']}},
'initial_access_broker': {'data_sold_on_dark_web': {'panama': None,
'vietnam': 'Yes '
'(cybercriminal '
'forum)'},
'entry_point': {'panama': None,
'vietnam': 'End-of-life software '
'vulnerability'},
'high_value_targets': {'panama': 'Government '
'budgets/emails',
'vietnam': 'Credit '
'information '
'(citizens/businesses)'}},
'investigation_status': {'panama': 'Contained; no updates provided',
'vietnam': 'Ongoing (data volume still being '
'clarified)'},
'motivation': [{'panama': 'Data exfiltration (ransomware, though ransom '
'details unspecified)',
'vietnam': 'Data theft for sale on cybercriminal forums (no '
'ransom demanded)'}],
'post_incident_analysis': {'root_causes': {'panama': None,
'vietnam': 'Use of end-of-life '
'software with '
'unpatched '
'vulnerabilities'}},
'ransomware': {'data_encryption': {'panama': 'Likely (ransomware attack)',
'vietnam': None},
'data_exfiltration': {'panama': 'Yes (1.5 TB claimed)',
'vietnam': 'Yes (160M records)'},
'ransom_demanded': {'panama': None,
'vietnam': 'No (data sold instead)'},
'ransom_paid': {'panama': None, 'vietnam': 'No'},
'ransomware_strain': {'panama': 'INC ransomware',
'vietnam': None}},
'references': [{'source': 'Vietnam State News (via VNCERT)'},
{'source': 'DataBreaches.net (interview with hackers)'},
{'source': 'Bloomberg News'},
{'source': 'Panama Ministry of Economy and Finance (MEF) '
'statement'}],
'regulatory_compliance': {'legal_actions': {'panama': None,
'vietnam': 'Threatened against '
'those '
'downloading/sharing '
'data'}},
'response': {'communication_strategy': {'panama': 'Public statement '
'confirming incident',
'vietnam': 'Public warning against '
'downloading/sharing data; '
'legal threats'},
'containment_measures': {'panama': 'Preventive measures '
'reinforced across computer '
'systems',
'vietnam': 'Investigation ongoing; data '
'leakage mitigation'},
'incident_response_plan_activated': {'panama': 'Yes (security '
'protocols '
'activated)',
'vietnam': 'Yes (VNCERT '
'coordinating '
'with agencies '
'and Viettel)'},
'law_enforcement_notified': {'panama': None,
'vietnam': 'Yes (VNCERT involved; '
'global scrutiny '
'mentioned)'},
'third_party_assistance': {'panama': None,
'vietnam': ['Viettel (state-owned '
'telecom)']}},
'stakeholder_advisories': {'vietnam': 'Urged residents not to download/share '
'stolen data'},
'threat_actor': [{'panama': 'INC ransomware gang',
'vietnam': ['Scattered Spider', 'ShinyHunters']}],
'title': 'Cyberattacks on Government Organizations in Vietnam and Panama '
'Result in Data Theft',
'type': ['data breach', 'cyberattack', 'ransomware (Panama only)'],
'vulnerability_exploited': {'vietnam': 'End-of-life software vulnerability '
'(unspecified)'}}