Vietnam Data Breach Exposes 160 Million Credit Records

The Vietnam data breach has leaked more than 160 million credit records, exposing sensitive information from nearly the entire population. The attack targeted the National Credit Information Center (CIC), a central hub for Vietnam’s financial data.

What Information Was Exposed

Hackers accessed a massive database containing names, birth dates, phone numbers, emails, debts, tax IDs, and government or military IDs. Some leaked credit card details appeared encrypted, but researchers warn the dataset still contains highly valuable information.

Reports suggest attackers exploited outdated CIC software with known vulnerabilities. This weakness allowed them to bypass defenses and download the records.

The Scale of the Breach

Vietnam has around 102 million residents. The 160 million records indicate multiple entries per person, likely from historical or updated records.

Although CIC denied collecting account balances or CVV codes, the exposed dataset includes credit histories and identifiers linked to major banks. ReSecurity verified samples that matched data from VPBank, Sacombank, MB Bank, Agribank, and others.

Hacker Claims and Sale of Data

The hacker group ShinyHunters claimed responsibility for the Vietnam data breach. They listed the stolen dataset for sale at about $175,000.

Cybersecurity experts confirmed timestamps from early 2025 within the leak, showing that the dataset was current and actively maintained.

Risks for Citizens

The stolen data increases risks of identity theft, impersonation, and targeted financial fraud. Tax IDs, employment records, and government IDs could be exploited to open fraudulent accounts or bypass security checks.

This single system breach highlights the danger of centralizing credit information without strong cybersecurity controls.

How to Respond

• Monitor credit activity and request reports regularly.
• Use strong, unique passwords with multi-factor authentication.
• Watch for phishing attacks using leaked personal details.
• Check official notices from banks or government agencies for further guidance.

Conclusion

The Vietnam data breach demonstrates the risks of centralizing sensitive credit data. With 160 million records exposed, nearly every citizen faces increased threats of fraud and identity theft. Vietnam must strengthen its cybersecurity posture, close software gaps, and improve transparency. Citizens must stay alert, monitor their financial activity, and act quickly if suspicious behavior appears.