Viet Nam News
HÀ NỘI — The State Bank of Việt Nam has issued a decree asking businesses to enhance customer information privacy after an alleged breach of mobile retail chain Thế Giới Di Động (Mobile World) revealed personal information of more than five million customers.
The breach hit the headlines last week after a hacker posted three files including more than five million emails, 31,000 bank card numbers and transaction histories on RaidForums.
Thế Giới Di Động quickly denied it was the source of the stolen data.
The company said it did not store any information related to customers’ bank card numbers or transaction history, adding that banking information is processed by payment service providers, meaning the information could not have been stolen from Thế Giới Di Động. The company said its information system was safe and operating normally.
On Saturday, the Authority of Information Security under the Ministry of Information and Communications said it had found nothing to indicate Thế Giới Di Động’s system had been hacked.
After working with the company, the Authority of Information Security said the emails and bank numbers were likely collected from other sources and did not have anything to do with Thế Giới Di Động.
Still, the breach was alarming. The origin of more than five million emails and 31,000 bank card numbers has not been identified.
The State Bank of Việt Nam asked payment service providers and intermediaries to work with Thế Giới Di Động to identify the cause and monitor the transactions of cards involved in the breach to protect customers.
The central bank also asked payment service providers to comply with customers’ information privacy regulations.
The State Bank of Việt Nam said in a note on its website on Saturday that initial reports from banks had not found any cases of account appropriation of customers with cards exposed by the breach.
However, the breach caused security concerns among customers.
The central bank said it would work closely with other management agencies to uncover the hackers and their motives and dole out punishments in accordance with established laws.
Several days after Thế Giới Di Động’s alleged breach, a hacker posted data which was said to be stolen from baby product retailer Concung.com and threatened to publish data stolen from technology retail chain FPT Shop.
According to security forum WhiteHat, the data said to have been taken from Concung.com included names, positions and working addresses of more than 2,200 employees. More than 2,100 phone numbers, 1,130 emails, 2,200 identity card numbers and 1,390 portraits were also revealed.
According to the Authority of Information Security, cyber attacks designed to steal personal information of customers became more common in 2018.
In Document No 8511/NHNN-TT, the authority asked firms to enhance customer privacy and information security.
Data collection, storage, processing and transmitting must be encoded to comply with security regulations.
The authority urged customers to think carefully before providing personal information to online services and to regularly change passwords.
Ngô Anh Tuấn from security company BKAV said enterprises should invest in security systems, especially firms with retail stores and online marketplaces. — VNS