Unverified news of a Vietnamese leading mobile reseller’s website being compromised with its customer data leaked has sounded the latest alarm bell on the poor awareness of data security and privacy in the country.

The rumor that The Gioi Di Dong, one of Vietnam’s largest mobile retail chains, had more than five millions of its customers’ private data, including payment card information, exposed after a hack was widespread on the Internet on Wednesday.

The data breach was first reported by RaidForums, a message board known for database leaks, when one anonymous user named “Erwincho” posted links to three attached files that it claimed were a “database dump, belonging to one of Vietnam’s largest resellers – Mobile World JSC (best known for their brand – Thegioididong.com).”

Although The Gioi Di Dong’s public relations manager Dang Thanh Phong was quick to assert that “all the information is false,” some Vietnamese Internet users said that they were able to download the email list leaked on RaidForums and find their own email addresses.

After two days of verification, the Authority of Information Security (AIS) under Vietnam’s Ministry of Information and Communications told Tuoi Tre (Youth) newspaper on Friday that the agency “discovered no sign of attack on system components related to the alleged leaked personal information.”

According to an AIS representative, the main transactions between customers and The Gioi Di Dong are usually performed through POS (Points of Sale) devices and e-commerce websites, which then encrypt and transfer all information related to credit cards of customers to banks or providers of intermediary payment services, as per the regulations of the State Bank of Vietnam.

In other words, the mobile reseller’s system does not store any information of customers’ bankcards.

“In Vietnam, email information can be collected from various sources that have been exposed, or leaked before,” the representative said, implying that the exposed addresses could come from other online sources.

Still, the representative noted that a number of users, organizations and enterprises in Vietnam still have low awareness on protecting personal information.

Alarm bell

According to a survey by accounting firm PwC in collaboration with the Vietnam Chamber of Commerce and Industry and Vietnam Business Council for Sustainable Development last month, one of the three biggest challenges Vietnamese enterprises are encountering in the digital economic revolution is “failing to solve problems of security and data security.”

The Gioi Di Dong’s incident has once again sounded the alarm bell of the weak security of customer information in the country, Ngo Tan Vu Khanh, Director of Development in Vietnam of security solution provider Kaspersky Lab, emphasized.

In fact, a number of Vietnamese firms have already suffered from network security incidents before, namely the series of hacking attacks into the systems at several major airports and two websites in the country in July 2016.

In this context, security firms predict the information security situation of Vietnam will be more threatened, with the application of smarter technology by hackers as the nation has determined to build smart cities, applying sensors, cameras and IoT (Internet of Things) devices.

A customer pays by bank card at a The Gioi Di Dong store in Ho Chi Minh City. Photo: Tuoi Tre

According to Kaspersky Lab, Vietnam ranks second in the world among the countries affected by attacks on IoT devices, accounting for up to 15 percent of global attacks, just behind China with 17 percent.

In Vietnam, many mobile and desktop applications demand access to various data on the devices even though these apps’ functions have nothing to do with the data.

For instance, a photo editing app may require access to users’ contact list, or a flashlight application may want to gain entry to phone memory and gallery.

Users with poor awareness of privacy would give permission to these apps without a second thought.

Many websites, more often than less, also ask for users’ personal information, such as address, phone number and email addresses.

Likewise, social networking sites easily collect users’ data not only through the enforced forms of log-in information and account verification, but also by encouraging them to share personal photos and video.

Security researchers have also warned users that some popular dating applications can transfer unencrypted data through unsafe web access.

Leaked data is one of the ‘best sellers’ on dark web, according to data analytics company Experian, as several types of them are sold for as much as US$2,000.

According to PwC Vietnam’s Director CyberSecurity Robert Trong Tran, the U.S digital advertisement industry was able to earn $240 for each user’s data on average in 2016.

This explains why data breach is rampant in the world, especially in Vietnam.

Like us on Facebook or follow us on Twitter to get the latest news about Vietnam!