Central bank wants security tightened after national credit database cyberattack

The directive, issued Thursday, followed the announcement by a government cybersecurity agency that there were "signs of personal data breach" at the National Credit Information Center (CIC), a central bank affiliate.

The State Bank said it has received alerts from government agencies and members of the banking sector’s IT incident response network about a sharp rise in targeted cyberattacks exploiting weaknesses in applications and IT infrastructure.

It called on all units to strengthen system security and data protection.

A programmer works on a computer. Photo by Unsplash/Arif Riyanto

Banks and enterprises must take cybersecurity seriously since they would be accountable for data breaches, leaks of state secrets and other cyber incidents.

Institutions were required to completely and swiftly address vulnerabilities. Systems using outdated operating systems and unsupported applications had to be upgraded or replaced.

Security patches had to be applied across all IT infrastructure, particularly servers, applications, network devices, and cybersecurity systems.

Banks and businesses also had to assess the security of third-party services to prevent hackers from exploiting vulnerabilities to break into their own systems.

On Thursday the Vietnam National Cybersecurity Emergency Response Center (VNCERT), under the Ministry of Public Security, said it had received a report of a "cybersecurity incident and signs of personal data breach" at CIC on Wednesday.

VNCERT said it has been working with cybersecurity service providers, CIC and the central bank to investigate, respond and collect evidence. "Initial findings indicate signs of cybercriminal intrusion to steal personal data. The scale of stolen data is still being evaluated."

CIC plays a central role in the country’s monetary and banking system by making and providing credit assessments to financial institutions and borrowers.

In recent years several organizations have fallen victim to cyberattacks. Last year securities firm VnDirect, petrol distributor PVOIL and postal service VNPost suffered ransomware attacks that disrupted their operations.