National Credit Information Center of Vietnam (CIC)

The National Credit Information Center (CIC) of Vietnam suffered a cyberattack by ShinyHunters, a prolific threat actor known for large-scale data breaches. The attackers exploited an unpatched 'n-day' vulnerability in end-of-life software used by CIC, gaining unauthorized access to steal personal data of Vietnamese citizens. While no ransom demands were made, the stolen data, including contact details, payment identifiers, and references to financial institutions, was listed for sale on a dark web hacking forum, with samples provided as proof.

The breach exposed a centralized repository of credit data, risking identity theft, financial fraud, and systemic instability across Vietnam’s financial sector. Authorities, including VNCERT, Viettel, VNPT, and NCS, launched investigations, while the State Bank of Vietnam (SBV) reassured customers that bank account numbers, balances, and transaction histories were not compromised. However, the leaked personally identifiable information (PII) remains a severe risk for fraud. JPMorgan noted potential increased cybersecurity costs for banks and risks to deposit flows, though no immediate financial system collapse was reported.

Source: https://securityaffairs.com/182189/cyber-crime/shinyhunters-attack-national-credit-information-center-of-vietnam.html

TPRM report: https://www.rankiteo.com/company/kci-credit-information-jsc

"id": "kci1932119091425",
"linkid": "kci-credit-information-jsc",
"type": "Cyber Attack",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': ['Nearly the entire population '
                                               'of Vietnam (implied)'],
                        'industry': 'Financial Services (Credit Information)',
                        'location': 'Vietnam',
                        'name': 'National Credit Information Center (CIC) of '
                                'Vietnam',
                        'type': 'Government Agency'},
                       {'industry': 'Banking/Finance',
                        'location': 'Vietnam',
                        'name': 'VietCredit',
                        'type': 'Financial Institution'},
                       {'industry': 'Banking/Finance',
                        'location': 'Vietnam',
                        'name': 'MB Bank',
                        'type': 'Financial Institution'},
                       {'industry': 'Banking/Finance',
                        'location': 'Vietnam',
                        'name': 'Ocean Bank',
                        'type': 'Financial Institution'},
                       {'industry': 'Banking/Finance',
                        'location': 'Vietnam',
                        'name': 'VPBank',
                        'type': 'Financial Institution'},
                       {'industry': 'Banking/Finance',
                        'location': 'Vietnam',
                        'name': 'Sacombank (Saigon Thuong Tin Commercial Joint '
                                'Stock Bank)',
                        'type': 'Financial Institution'},
                       {'industry': 'Banking/Finance',
                        'location': 'Vietnam',
                        'name': 'Agribank (Vietnam Bank for Agriculture and '
                                'Rural Development)',
                        'type': 'Financial Institution'}],
 'attack_vector': ["Exploitation of 'n-day' vulnerability",
                   'End-of-life software vulnerability'],
 'customer_advisories': ['SBV emphasized that bank account numbers, balances, '
                         'and card details were not compromised',
                         'Customers advised to monitor for identity theft or '
                         'fraud attempts'],
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (centralized credit data for '
                                        'nearly entire population)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Contact information',
                                              'Payment identifiers',
                                              'References to local financial '
                                              'institutions']},
 'date_publicly_disclosed': '2025-09-14',
 'description': 'Vietnam’s National Credit Information Center (CIC) was hit by '
                'a cyberattack by the ShinyHunters group, resulting in '
                'unauthorized access and theft of personal data. The attackers '
                "exploited an 'n-day' vulnerability in end-of-life software "
                'used by the CIC. The stolen data was listed for sale on a '
                'hacking forum on the Dark Web, with samples provided as '
                'proof. The breach exposed sensitive personal information, '
                'though not bank account details or transaction histories. The '
                'incident prompted investigations by Vietnamese authorities, '
                'including VNCERT, the Department of Cybersecurity, and '
                'state-owned technology partners like Viettel and VNPT. The '
                'State Bank of Vietnam (SBV) reassured clients that commercial '
                "banks' IT systems remain secure, but the breach poses risks "
                'of identity theft and financial fraud.',
 'impact': {'brand_reputation_impact': ["Potential loss of trust in Vietnam's "
                                        'credit information system',
                                        "Risk to financial institutions' "
                                        'reputations'],
            'data_compromised': True,
            'identity_theft_risk': True,
            'legal_liabilities': ['Potential violations of Vietnam’s data '
                                  'protection and cybersecurity laws'],
            'payment_information_risk': ['Contact information',
                                         'Payment identifiers',
                                         'References to local financial '
                                         'institutions (excluding bank account '
                                         'numbers, balances, or card details)'],
            'systems_affected': ['National Credit Information Center (CIC) of '
                                 'Vietnam']},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'entry_point': "Exploitation of 'n-day' "
                                          'vulnerability in end-of-life '
                                          'software',
                           'high_value_targets': ['Centralized credit data '
                                                  'repository (CIC)']},
 'investigation_status': 'Ongoing (led by VNCERT, Department of Cybersecurity '
                         'of Vietnam, and state-owned partners)',
 'lessons_learned': ['End-of-life software poses significant risks if left '
                     'unpatched or unsupported',
                     'Centralized repositories (e.g., credit data) create '
                     'single points of failure with widespread impact',
                     'Proactive vulnerability management and third-party risk '
                     'assessments are critical for financial institutions',
                     'Dark Web monitoring is essential to detect leaked data '
                     'early'],
 'motivation': ['Financial Gain (data sale)', 'Not extortion-based'],
 'post_incident_analysis': {'corrective_actions': ['Replace or isolate '
                                                   'end-of-life systems',
                                                   'Enhance vulnerability '
                                                   'management programs',
                                                   'Implement stricter access '
                                                   'controls and monitoring '
                                                   'for credit data',
                                                   'Improve coordination '
                                                   'between financial '
                                                   'regulators and '
                                                   'cybersecurity agencies'],
                            'root_causes': ['Use of unsupported end-of-life '
                                            'software with unpatched '
                                            'vulnerabilities',
                                            'Lack of compensatory controls for '
                                            "known 'n-day' vulnerabilities",
                                            'Attractiveness of CIC as a '
                                            'high-value target due to '
                                            'centralized data']},
 'ransomware': {'data_exfiltration': True},
 'recommendations': ['Replace or secure end-of-life software with supported '
                     'alternatives',
                     'Implement multi-layered security controls for '
                     'centralized data repositories',
                     'Enhance collaboration between government agencies, '
                     'financial institutions, and cybersecurity firms for '
                     'threat intelligence sharing',
                     'Strengthen legal frameworks and enforcement against data '
                     'misuse post-breach',
                     'Conduct regular cybersecurity audits and red-team '
                     'exercises for critical infrastructure',
                     'Invest in Dark Web monitoring tools to detect leaked '
                     'credentials or data'],
 'references': [{'date_accessed': '2025-09-14',
                 'source': 'SecurityAffairs',
                 'url': 'https://securityaffairs.com/153420/data-breach/shinyhunters-attack-vietnam-cic.html'},
                {'date_accessed': '2025-09-14',
                 'source': 'Vietnam News (via SecurityAffairs)'},
                {'date_accessed': '2025-09-14',
                 'source': 'Reuters (via SecurityAffairs)'}],
 'regulatory_compliance': {'legal_actions': ['Investigation by Department of '
                                             'Cybersecurity of Vietnam',
                                             'Coordination with VNCERT and '
                                             'state-owned partners'],
                           'regulations_violated': ['Potential violations of '
                                                    'Vietnam’s data protection '
                                                    'and cybersecurity laws'],
                           'regulatory_notifications': ['VNCERT warning to '
                                                        'individuals/organizations',
                                                        'SBV statement to '
                                                        'clients']},
 'response': {'communication_strategy': ['Warning issued by VNCERT against '
                                         'downloading/sharing leaked data',
                                         'Reassurance statement by State Bank '
                                         'of Vietnam (SBV) to clients',
                                         'JPMorgan investor note on potential '
                                         'cybersecurity cost increases'],
              'enhanced_monitoring': ['Regular directives to financial '
                                      'institutions to strengthen security '
                                      'measures'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['Assessment of vulnerabilities '
                                       'exploited',
                                       'Emergency measures by national '
                                       'cyberresponse team'],
              'third_party_assistance': ['Viettel', 'VNPT', 'NCS']},
 'stakeholder_advisories': ['VNCERT warning against downloading/sharing leaked '
                            'data',
                            'SBV statement reassuring clients about bank IT '
                            'system safety',
                            'JPMorgan investor note on cybersecurity cost '
                            'risks'],
 'threat_actor': 'ShinyHunters',
 'title': 'ShinyHunters Attack on Vietnam’s National Credit Information Center '
          '(CIC)',
 'type': ['Data Breach', 'Unauthorized Access'],
 'vulnerability_exploited': "Unpatched 'n-day' vulnerability in end-of-life "
                            'software'}