The National Credit Information Center (CIC), managed by Vietnam’s State Bank, suffered a major cyberattack attributed to the hacker group ShinyHunters, exposing over 160 million records far exceeding Vietnam’s population of 102 million, indicating duplicate historical and current financial data per individual. The breach compromised personally identifiable information (PII), including names, government/tax IDs, addresses, contact details, employment histories, and credit records, though some financial data (e.g., credit cards) remained encrypted. The attackers are selling the dataset on dark web forums rather than deploying ransomware.The incident poses severe risks of identity theft, loan fraud, and phishing, as criminals exploit exposed details to impersonate victims or access accounts. While CIC’s operations remain functional, the breach erodes systemic trust in Vietnam’s financial institutions, potentially increasing security costs and undermining confidence in the banking sector. Authorities are investigating the attack vector and mitigating further exposure, but the scale of the leak covering nearly all citizens’ financial histories highlights vulnerabilities in centralized sensitive data repositories.
Source: https://cyberinsider.com/shinyhunters-breach-exposes-vietnams-credit-data-in-massive-cyberattack/
TPRM report: https://www.rankiteo.com/company/national-credit-center
"id": "nat2492824091525",
"linkid": "national-credit-center",
"type": "Breach",
"date": "9/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '160 million records (including '
'duplicates; Vietnam’s '
'population is ~102 million)',
'industry': 'financial services',
'location': 'Vietnam',
'name': 'National Credit Information Center (CIC)',
'type': 'government agency'}],
'data_breach': {'data_encryption': 'partial (financial data like credit cards '
'encrypted; PII exposed in plaintext)',
'data_exfiltration': True,
'number_of_records_exposed': '160 million (including '
'duplicates)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (includes PII and financial '
'history)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'government identification data',
'tax identification data',
'employment history',
'credit records']},
'description': 'Vietnam’s National Credit Information Center (CIC), managed '
'by the State Bank of Vietnam, is investigating a major '
'cyberattack that reportedly exposed more than 160 million '
'records. The breach, linked to the hacker collective '
'ShinyHunters, involved unauthorized access aimed at stealing '
'personal data, including names, government and tax '
'identification numbers, addresses, contact details, '
'employment histories, and detailed credit records. While some '
'financial data (e.g., credit card information) was encrypted, '
'personally identifiable information (PII) was exposed in '
'plaintext. The attackers are monetizing the data on '
'underground forums, posing risks of identity theft, loan '
'fraud, and phishing attacks. The incident raises concerns '
'about systemic trust in Vietnam’s financial institutions and '
'the resilience of centralized databases.',
'impact': {'brand_reputation_impact': 'high (potential undermining of trust '
'in Vietnam’s banking system)',
'data_compromised': ['names',
'government identification numbers',
'tax identification numbers',
'addresses',
'contact details',
'employment histories',
'detailed credit records',
'personally identifiable information (PII)'],
'identity_theft_risk': 'high',
'operational_impact': 'none (operations and credit reporting '
'services remain functional)',
'payment_information_risk': 'low (credit card information was '
'encrypted)',
'systems_affected': ['National Credit Information Center (CIC) '
'database']},
'initial_access_broker': {'data_sold_on_dark_web': True,
'high_value_targets': ['CIC database (centralized '
'financial records)']},
'investigation_status': 'ongoing (identifying how attackers gained access)',
'motivation': 'financial gain (data monetization on Dark Web)',
'ransomware': {'data_encryption': 'partial (selective encryption of financial '
'data)',
'data_exfiltration': True},
'references': [{'source': 'Resecurity'}],
'regulatory_compliance': {'regulatory_notifications': ['banks and creditors '
'alerted']},
'response': {'communication_strategy': ['alerted banks and creditors about '
'the breach and data distribution '
'risks'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'remediation_measures': ['investigating unauthorized access',
'preventing further exposure'],
'third_party_assistance': ['state-owned technology partners']},
'stakeholder_advisories': ['banks and creditors warned about data '
'distribution risks'],
'threat_actor': 'ShinyHunters',
'title': 'Major Cyberattack on Vietnam’s National Credit Information Center '
'(CIC)',
'type': ['data breach', 'unauthorized access']}