CIC, one of Viet Nam’s four licensed credit information service providers, does not gather data on bank accounts, balances, savings, payment accounts, debit or credit card numbers, CVV/CVC codes, or transaction histories. Credit institutions’ IT systems, the SBV assured, operate independently, and their services remain stable and secure.
The central bank reiterated its ongoing requests to financial institutions, mandating rigorous compliance with law on IT security, safety, and customer data protection to bolster defences against such breaches.
Unauthorised collection, processing, use, or distribution of credit information will be subject to strict penalties under Vietnamese law, the SBV stated.
In response to the breach, the SBV urged customers to adhere to legal guidelines and follow instructions from authorities and banks to protect their rights and interests, avoid fraud, and guard against malicious software attacks.
The alert followed a warning from the Viet Nam Cybersecurity Emergency Response Centre (VNCERT), which flagged a leak of personal data from CIC. Preliminary findings pointed to cyberattacks aimed at stealing data, with the full extent of the breach still under investigation.
VNCERT urged organisations and individuals to refrain from downloading, sharing, or exploiting the leaked data, cautioning that violators will face legal fines. It also pressed agencies and companies, particularly financial organisations and banks, to audit their systems and meet the national cybersecurity standard TCVN 14423:2025. Citizens were advised to stay vigilant to avoid falling prey to fraud or malware schemes.
