The stolen data includes customer names, dates of birth, phone numbers, email addresses, and residential addresses. The earliest records date back to November 23, 2020, while the latest are from June 20 this year.

The hacker group behind the breach is reportedly Scattered LAPSUS$ Hunters – a rebranded name following the merger of ShinyHunters with another cybercrime group.

ShinyHunters was previously responsible for leaking data from Vietnam’s National Credit Information Center (CIC), which is also mentioned on the site that released the Vietnam Airlines data.

Hackers claim they gained access to Salesforce accounts of 39 companies, including major names like Vietnam Airlines, Google, Cisco, Disney, and FedEx.

Salesforce provides customer relationship management (CRM) solutions to Vietnam Airlines. This indicates that the attackers did not hack Vietnam Airlines’ own systems directly but infiltrated its Salesforce account to extract customer data.

After failing to extort Salesforce, the hackers began publishing and selling data from several companies, including Vietnam Airlines, Qantas, and GAP Inc.

According to posts on hacker forums, the group is offering data from 7.3 million Vietnam Airlines customers for sale.

On the morning of October 13, a representative from VNCERT (under A05 - Ministry of Public Security) confirmed to VietNamNet that Vietnam Airlines’ customer data is indeed being listed for sale on hacker forums. VNCERT is actively investigating the incident.

On October 12, VietNamNet contacted Vietnam Airlines for official comment, but as of now, the airline has not issued a public response regarding the breach.

Experts warn that with such data, cybercriminals could launch targeted scams impersonating Vietnam Airlines.

Citizens are advised to stay alert against potential fraudulent calls and phishing attempts related to this breach.

This is not the first cybersecurity incident involving Vietnam Airlines.

On July 29, 2016, hackers attacked the airline’s information systems. That afternoon, displays at the domestic terminal showed provocative messages and misinformation about the South China Sea.

In response, airport technicians disconnected network systems at both the domestic and international terminals, disabling check-in systems.

At the domestic terminal, flight information displays and check-in computers were hijacked and infected with malware.

The attack severely disrupted operations. Dozens of flight information monitors and computers were rendered unusable. Some servers were wiped, and staff had to manually process flight check-ins using handheld speakers and whiteboards, delaying nearly 100 flights.

The 2016 attack also exposed information on more than 410,000 frequent flyer members of Vietnam Airlines and damaged several physical and virtual servers, tarnishing the airline’s reputation.

Thai Khang