Hackers steal 160 million records from state-run credit center, exposing Communist Party’s digital vulnerability and illiteracy
This month, over 160 million credit records held at Vietnam’s National Credit Information Center (CIC), a unit managed by the State Bank of Vietnam, were stolen and posted for sale online for US$175,000.
The massive breach, allegedly carried out by the hacker group ShinyHunters, exposed the personal data of virtually every Vietnamese citizen above the age of 18.
Yet, beyond the cybercrime headlines, the scandal raises a deeper, more troubling question: What happens when a government simultaneously loses control of citizens’ data, while also proposing to sell it?
Vietnam’s Ministry of Public Security (MPS) has recently introduced a draft law proposing the establishment of a national data exchange platform.
Framed as a way to unlock the value of data for economic development, the platform would allow for the trading of both personal and non-personal data, under certain conditions. While the ministry promises that individual consent will be required, the mechanism for ensuring such consent remains vague.
At the same time, Vietnamese citizens affected by the CIC leak were not notified: not by the CIC, not by relevant banks and not by any state institution.
As of September 13, some individuals whose names appeared in sample files being circulated on the dark web said they had received no warnings, no protection and no explanation.
The leaked dataset, according to security experts, included:
- Full personal identification (ID numbers, passports, driving licenses)
- Biometric data and medical records
- Tax codes, income and debt information
- Credit card and banking records
- Employment, education and residence history
- Government, police and military personnel profiles
This isn’t just a privacy issue; it’s a national security breach. When foreign intelligence services can buy profiles of Vietnamese government officials and military members for less than the cost of a luxury car, no law or slogan can compensate for the damage done.
In a tone-deaf public notice, police authorities urged citizens to remain vigilant and “protect themselves” against identity theft and cybercrime, placing the burden back on the victims.
The irony is stark: the state collects data without consent, fails to protect it and then blames the people for not being digitally literate enough to defend themselves.
This contradiction is particularly jarring in the context of the government’s recent push for a “digital literacy campaign.” On September 13, General Secretary To Lam praised the launch of “Digital Mass Literacy – Digital Parliament” as part of Vietnam’s national modernization.
At the same time, he admitted that most citizens and even government officials lack fundamental knowledge about data protection or digital transformation.
Selling insecure data
The Ministry of Public Security’s draft legislation envisions a future where data is commodified, yet claims to prioritize national security and individual privacy. But the CIC breach reveals a harsh truth: Vietnam does not yet have the technical or institutional capacity to manage that dual mandate.
General Vu Van Tan, head of the Cybersecurity Department, recently stated that data should not sit idly in databases but rather should be “shared and monetized to generate value for society.”
But when the value of data outweighs the commitment to protect it, citizens are no longer stakeholders – they are vulnerable bystanders.
To restore trust, Vietnam needs more than draft laws and slogans. It needs:
- A public apology and immediate notification to all affected individuals
- Independent oversight of any future data exchanges
- Strict liability for state and corporate entities involved in data mishandling
- Investment in real cybersecurity infrastructure, not just propaganda
- Clear legal pathways for compensation to citizens harmed by data breaches
Most importantly, the Vietnamese government must recognize that data rights are human rights. Without accountability, security and consent, the promise of a “digital society” becomes instead a digital trap.
Views: 0
Leave a Reply