SBV urges customer information security

Customers should think carefully before providing personal information on the Internet. (Source:genk.vn)

The breach hit the headlines last week after a hacker posted three files including more than five million emails, 31,000 bank card numbers and transaction histories on RaidForums.

The Gioi Di Dong quickly denied it was the source of the stolen data. The company said it did not store any information related to customers’ bank card numbers or transaction history, adding that banking information is processed by payment service providers, meaning the information could not have been stolen from The Gioi Di Dong. The company said its information system was safe and operating normally.

On November 10, the Authority of Information Security under the Ministry of Information and Communications said it had found nothing to indicate The Gioi Di Dong’s system had been hacked.

After working with the company, the Authority of Information Security said the emails and bank numbers were likely collected from other sources and did not have anything to do with The Gioi Di Dong.

Still, the breach was alarming. The origin of more than five million emails and 31,000 bank card numbers has not been identified.

The SBV asked payment service providers and intermediaries to work with The Gioi Di Dong to identify the cause and monitor the transactions of cards involved in the breach to protect customers.

The central bank also asked payment service providers to comply with customers’ information privacy regulations.

The SBV said in a note on its website on November 10 that initial reports from banks had not found any cases of account appropriation of customers with cards exposed by the breach. However, the breach caused security concerns among customers.

The central bank said it would work closely with other management agencies to uncover the hackers and their motives and dole out punishments in accordance with established laws.

Several days after The Gioi Di Dong’s alleged breach, a hacker posted data which was said to be stolen from baby product retailer Concung.com and threatened to publish data stolen from technology retail chain FPT Shop.

According to security forum WhiteHat, the data said to have been taken from Concung.com included names, positions and working addresses of more than 2,200 employees. More than 2,100 phone numbers, 1,130 emails, 2,200 identity card numbers and 1,390 portraits were also revealed.

According to the Authority of Information Security, cyber attacks designed to steal personal information of customers became more common in 2018.

In Document No 8511/NHNN-TT, the authority asked firms to enhance customer privacy and information security.

Data collection, storage, processing and transmitting must be encoded to comply with security regulations.

The authority urged customers to think carefully before providing personal information to online services and to regularly change passwords.

Ngo Anh Tuan from security company BKAV said enterprises should invest in security systems, especially firms with retail stores and online marketplaces.