On September 12, the Criminal Investigation Department of the Ho Chi Minh City Police released a statement noting that the leaked personal information from CIC could be exploited by scammers to carry out elaborate fraudulent schemes.

According to their analysis, the public may soon encounter the following types of scams:

Impersonation of banks, CIC, and government agencies: Scammers use victims' full names, ID numbers, and account details to call or message, claiming issues such as “bad debts” or “identity verification” to trick people into revealing passwords or OTPs.

Fake debt clearance or credit limit increase services: These target students and low-income workers in urgent need of quick loans.

Posing as relatives or leaders: Scammers exploit detailed personal data to impersonate trusted individuals and request urgent fund transfers.

Legal threats: Fraudsters impersonate police, prosecutors, or courts, coercing victims into transferring money to supposed “safe accounts”.

Spam via SMS, Zalo, or email with malicious links: Designed to lure victims into clicking links that further steal personal data.

The police noted that likely targets of these scams include students, laborers, public servants, and the elderly.

To avoid falling victim, the Ho Chi Minh City Police recommend that citizens take the following precautions:

Never provide passwords or OTPs via phone, message, or email.

Do not click on suspicious links; always use official banking websites or apps.

Verify information directly with banks or authorities through official hotlines or in-person visits.

Do not transfer money for “verification” purposes to unknown accounts.

Students and workers should be cautious of “CIC debt clearance” or “0% quick loan” advertisements.

Families should regularly remind and guide elderly members on how to identify fraudulent calls and messages.

The Criminal Investigation Department emphasized: “Every citizen must remain vigilant, stay updated with alerts from the police, banks, and trusted news outlets to safeguard personal safety and financial security.”

Ongoing investigation into the breach

On September 11, the Vietnam Cybersecurity Emergency Response Teams/Coordination Center (VNCERT) confirmed the data breach at CIC.

Specifically, on September 10, VNCERT received a report of a cybersecurity incident and signs of personal data violation occurring at CIC.

Upon receiving the information, the Cybersecurity and High-Tech Crime Prevention Department (Ministry of Public Security) instructed VNCERT to coordinate with security units from Viettel, VNPT, NCS, CIC, and relevant agencies under the State Bank to investigate the breach, implement technical measures, enhance cybersecurity, and collect evidence in accordance with legal procedures.

Initial findings indicate that hackers likely infiltrated CIC's system to steal personal data. Authorities are currently assessing the full scale of the compromised information.

Dam De