The State Bank of Vietnam (SBV) issued the statement Friday following the reported leak of information about 31,000 transactions of Mobile World, including customers' bank card numbers, on the internet.
The central bank also noted that while there has been no report of Mobile World customers having card information stolen and used to appropriate money, the incident has caused anxiety and created negative public opinion.
The SBV said it is closely coordinating with relevant authorities to determine the cause of the alleged leak, as well as the identity and motive of the individual or group behind it so they could be strictly punished in accordance with the law.
Also on Friday, the SBV issued instructions on enhancing security of customer information to proactively prevent any possible leak of bank card information.
Payment service providers and third-party payment gateway operators have been asked to work with Mobile World to determine the cause of the alleged leak, monitor all related cards and transactions for any abnormality and safeguard the information, rights and legitimate interests of customers.
They must also strictly comply with regulations on storing and securing customer information, review, re-evaluate their business procedures with relevant parties, and inform their employees of regulations on storing, securing customer information.
In response to the data leak reports, a number of banks have also issued internal circulars instructing employees to avoid any risk.
In its circular, a Ho Chi Minh City-based bank has asked its departments to inspect and review all transactions via POS card readers and advised customers to change their PIN numbers.
The alleged data of Mobile World's customers were leaked on Tuesday and Wednesday. A user on online forum RaidForums uploaded files containing 5.4 million customer email addresses, 61,000 employee email addresses and over 31,000 card transactions with customers' card numbers partially shown.
This user later uploaded another file containing what is allegedly the full card number of some Mobile World customers, prompting experts to suggest that the hacker might have the full card numbers of all 31,000 bank cards partially leaked in the previous file.
In an official announcement issued on Wednesday evening, Mobile World asserted that its system had not been hacked and that the company did not store customers' card numbers and transaction times, so it was impossible for such information to be leaked from its system.
According to the Authority of Information Security (AIS) under the Ministry of Information and Communications and Vietnamese network security firm Bkav Corporation, there is currently no sign that Mobile World's system has been subjected to a cyber attack. The AIS also backed up the retail giant's claim that it does not store customers' card information.