343/68 Tuesday, September 16, 2025
The ShinyHunters hacking group has successfully breached the systems of the National Credit Information Center of Vietnam (CIC). Investigators confirmed evidence of unauthorized access, with leaked data containing sensitive customer information tied to several leading Vietnamese financial institutions, including VietCredit, MB Bank, Ocean Bank, VPBank, and Agribank. Authorities in Vietnam, led by the Vietnam Cyber Emergency Response Team (VNCERT) and related agencies, are currently working to assess the full extent of the damage.
According to the official statement, ShinyHunters exploited an “n-day” vulnerability-a previously disclosed flaw that had not yet been patched. The attack targeted outdated software that is no longer supported, meaning no new security patches were available. Unlike common ransomware incidents, ShinyHunters did not demand a ransom from CIC. Instead, they published the stolen data for sale on hacker forums in the dark web, along with large samples to prove the authenticity of the information.
While the State Bank of Vietnam reassured the public that critical financial data-such as bank account numbers, balances, credit/debit card numbers, CVV/CVC codes, and transaction histories-was not stolen, cybersecurity experts warned that other leaked personal data could still be abused for identity theft and financial fraud. The incident has far-reaching implications: Reuters reported that JP Morgan issued a note to investors warning that the breach may force banks to increase cybersecurity spending, potentially driving up costs and affecting future business opportunities.
