Speaking at the Vietnam Security Summit 2026 on May 22, Lieutenant Colonel Tran Trung Hieu, Deputy Director of the National Cybersecurity Center and Director of VNCERT under the Ministry of Public Security’s Department of Cybersecurity and High-Tech Crime Prevention, said the agency is currently responding to two highly serious data breach incidents involving ministerial-level agencies.

According to Tran Trung Hieu, hackers infiltrated systems containing millions of user records.

Initial investigations conducted by VNCERT between May 21 and May 22 showed that the affected agencies already operated Security Operations Center systems, commonly known as SOC platforms.

However, the monitoring systems failed to detect the attacks.

Authorities are now investigating whether the malicious activity may have blended into ordinary user behavior. VNCERT said it expects to release conclusions in the near future.

Expensive systems but insufficient personnel

Tran Trung Hieu said the incidents highlighted a broader challenge facing organizations and businesses in Vietnam - the severe shortage of qualified cybersecurity personnel.

“We can invest heavily in large systems such as the SOC platforms used by ministerial-level agencies, but without people to operate them properly, they cannot effectively protect information security,” he said.

He noted that many major cyberattacks in Vietnam over the past three years have targeted organizations that had already invested in costly security infrastructure but failed to maximize its effectiveness.

According to the official, the direct cause is often the lack of skilled staff, including even personnel capable of handling daily system operations.

He also revealed that in some previous cases hackers had remained hidden inside enterprise systems for up to nine months before launching attacks.

Vietnam’s cybersecurity workforce currently faces shortages in both quantity and quality, affecting not only government agencies but also major private enterprises.

Tran Trung Hieu recalled an incident involving a major Vietnamese bank where, despite investing in an SOC system, the institution only monitored cybersecurity operations during daytime hours.

“At night, no one was watching what hackers were doing,” he said.

Many Vietnamese businesses, including large corporations, already possess SOC systems but continue to face shortages of qualified personnel capable of operating and managing those technical platforms effectively.

Leaders unaware of ongoing attacks

Tran Trung Hieu also pointed to weak awareness among organizational leaders regarding cybersecurity risks.

He said many executives remain unaware that their own systems are under attack.

“I have personally called chairmen and executives of major corporations to ask how they were handling ongoing cyberattacks, only to hear replies such as, ‘I haven’t heard any reports from my staff yet,’” he said.

According to Tran Trung Hieu, some subordinates deliberately conceal cybersecurity incidents from senior management out of fear of being blamed.

“This creates situations where leaders do not know what is happening while lower-level staff hide incidents from them,” he said.

He warned that attacks targeting agencies and enterprises holding sensitive national data could have far-reaching consequences for both national security and the public.

“Many organizational leaders still do not pay sufficient attention to cybersecurity. In reality, there have been numerous cyberattacks in which hackers stole organizational data, personal information, documents and even state secrets," Hieu said

He added that authorities have repeatedly warned agencies and businesses in writing that serious cybersecurity failures causing harm to national security or exposing state secrets could lead to criminal liability for organizational leaders.

“We may consider criminal prosecution for negligence causing serious consequences or intentional wrongdoing,” he said.

Thai Khang