Breach of Vietnam Credit Database May Trigger Company Notification Obligations

1.0Tilleke & Gibbinshttps://www.tilleke.comErichttps://www.tilleke.com/author/eric/Breach of Vietnam Credit Database May Trigger Company Notification Obligations - Tilleke & Gibbinsrich600338<blockquote class="wp-embedded-content" data-secret="ahpLQHwDBy"><a href="https://www.tilleke.com/insights/breach-of-vietnam-credit-database-may-trigger-company-notification-obligations">Breach of Vietnam Credit Database May Trigger Company Notification Obligations</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://www.tilleke.com/insights/breach-of-vietnam-credit-database-may-trigger-company-notification-obligations/embed/#?secret=ahpLQHwDBy" width="600" height="338" title="“Breach of Vietnam Credit Database May Trigger Company Notification Obligations” — Tilleke & Gibbins" data-secret="ahpLQHwDBy" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); /* ]]> */ </script> On September 10, 2025, Vietnam’s National Credit Information Center (CIC) reported to the Vietnam Cybersecurity Emergency Response Team (VNCERT) a suspected significant cybersecurity incident involving unauthorized access to the CIC’s credit information database. A hacker group has claimed responsibility and allegedly posted over 160 million records for sale, including sensitive personal and financial data. Implications for Banks and Financial Institutions Companies that share customers’ or potential customers’ personal data with the CIC for credit scoring or other purposes—and continue to act as a data controller for such data—may be obligated under Vietnam’s Personal Data Protection Decree (PDPD) and related regulations to: Notify A05 (Department of Cybersecurity and High-Tech Crime Prevention) and the State Bank of Vietnam without delay. Inform affected individuals if their personal data is at risk. Recommended Actions Companies that could be impacted by this data breach should take the following actions: Conduct an internal review of CIC-related