After data on more than 31,000 bank card transactions at The Gioi Di Dong store chain were breached and disclosed on RaidForums, a hacker has released part of the data which supposedly belongs to staff of Con Cung and threatened to make the retail chain’s information and FPT Shop’s database public, VnExpress news site reported.
According to the security forum WhiteHat, the leaked data contained 2,272 names, family names, positions of staff and store addresses where they are working, 2,187 phone numbers, 1,133 email addresses, 2,272 ID card numbers and 1,395 headshots.
Ngo Tuan Anh, Bkav vice chairman in charge of cyber security, said that the data exposed by the hacker belong to the staff of Con Cung, adding that its system might have been hacked.
Anh recommended that the staff change their passwords, which were used for various accounts.
The hacker said on RaidForums that the information would be sold at a reasonable price or exchanged in a barter.
A cyber security expert at a Hanoi-based technology group said that the hacker is in the process of revealing information, as part of a plan to achieve a specific purpose. The disclosed data, however, was not stolen in a usual manner, the expert remarked.
Another expert said that a campaign to tarnish the reputations of major brands in the market is emerging, adding that the leaked data, which was collected from different sources, is less valuable and outdated.
The data from Con Cung was stolen from an internal app for its staff when a staffer’s account was hacked, the expert said.
Con Cung has yet to comment on the revelation, while FPT Shop refused to respond to the incident because the firm asserted that its data is impossible to disclose.
Earlier, a member of RaidForums posted alleged data of The Gioi Di Dong on the forum. However, a representative of the mobile phone store chain confirmed that the information was not related to its customers or staff and that the firm’s computer network was operating as usual.
It is said that prior to the leak of The Gioi Di Dong information, data from 160 million Zing ID accounts had also been disclosed on RaidForums, a forum for database trading, with some 90,000 members.
SGT