HCMC – Vietnam’s central bank has confirmed that the country’s banking system remains safe and stable following a data breach at the National Credit Information Center (CIC).
The State Bank of Vietnam (SBV) said on September 12 that it had directed CIC to coordinate with authorities to investigate and handle the incident while ensuring its operations continue uninterrupted.
CIC is one of four licensed credit reporting agencies in Vietnam. The SBV clarified that CIC’s credit data does not include deposit accounts, account balances, savings books, checking accounts, debit or credit card numbers, CVV/CVC codes, or customers’ payment transaction histories. Banking IT systems operate independently and remain secure, the SBV added.
The breach was reported on September 11 by the Vietnam Computer Emergency Response Team (VNCERT). Initial findings showed signs of intrusion aimed at stealing personal data. The amount of compromised information is still being verified.
The Ministry of Public Security’s cybercrime unit instructed VNCERT to work with telecom providers Viettel, VNPT, and NCS, as well as CIC and the SBV, to take prompt technical measures, strengthen cybersecurity, and collect evidence.
VNCERT warned individuals and organizations not to download, share, or use leaked data, stressing that violations will be subject to legal action. It also urged financial institutions and businesses to review their systems and comply with the national cybersecurity standard TCVN 14423:2025.
The National Cybersecurity Association cautioned that criminals may exploit the incident to impersonate banks or authorities in phishing attempts, spread malware, or steal assets. Users are warned not to provide personal information, credit card details, CVV/CVC codes, or OTPs through unofficial channels.
Vu Ngoc Son, a representative of the association’s technology division, said Vietnam’s banking and credit systems remain well-protected. He added that customers do not need to take measures such as blocking cards, closing accounts, or changing CVV/CVC codes and passwords based solely on unverified information circulating online.
