On the afternoon of September 11, the Vietnam Cyber Emergency Response Center (VNCERT) issued a notice regarding a personal data breach at the National Credit Information Center (CIC). Initial verification results indicate signs of a cyberattack involving unauthorized access and theft of personal data. The exact volume of stolen data is still under investigation.

The National Cybersecurity Association (NCA) promptly conducted a preliminary assessment, confirming that Vietnam’s banking and credit systems remain safe, well-protected, and fully operational. Citizens are advised that there is no need to take measures such as blocking cards, freezing accounts, changing CVC/CVV codes, or resetting passwords based solely on unverified online rumors. Such actions do not enhance security and may, in fact, disrupt transactions and negatively impact daily life.

As a member of the NCA, Bkav warns users to remain highly vigilant against scams exploiting this incident. Cybercriminals may impersonate banks or government agencies, contacting victims via calls or text messages to steal sensitive information such as personal details, credit card numbers, CVC/CVV codes, and OTPs. Users should note that banks will never request such information through unofficial channels.

Importantly, organizations and individuals are strictly prohibited from downloading, sharing, exploiting, or using the leaked data. Violations will be handled in accordance with the law.

Globally, cyberattacks targeting government agencies and major financial institutions are not uncommon. For example, the largest data breach in U.S. history occurred in 2017 at credit reporting giant Equifax, affecting hundreds of millions of individuals across the U.S., U.K., and Canada. Similarly, in 2021, Singapore’s Fullerton Health had its systems breached, with stolen data later sold on the Dark Web.

According to Bkav experts, the root cause of most such incidents is malware infection. Users often underestimate the risk, relying solely on free antivirus software or assuming that the built-in protection packaged with operating systems is sufficient. This is a dangerous misconception. Users—especially organizations and enterprises—should not depend on default antivirus solutions, which only provide basic protection and are incapable of defending against modern, persistent malware designed to infiltrate deeply and remain undetected within systems.

Bkav