Public employees work at the Security Operations Centre (SOC) and Intelligent Operations Centre (IOC) of Ninh Thuận Province. — VNA/VNS Photo

Facing the increasing risks of personal data theft and ransomware attacks, cybersecurity experts are advising on the need for better legal frameworks and coordination to protect citizens and their rights.

Lê Quang Hà, product director of Viettel Cyber Security said that in the first six months of 2024, the company recorded 46 data breaches and sales, 13 million records on sale, 12.3 gigabytes of source codes leaked, alongside ten ransomware attacks and 56 companies suspected of being targeted.

There were also 495,000 DDoS (distributed denial-of-service) attacks, 2,364 phishing domains, seven advanced persistent threat groups detected, 17,648 new cyber security vulnerabilities discovered and 2,139 IP addresses connected to phishing domains, the tech expert added.

“Given this frequent level of cyber attacks, it can be said that a professional cybercrime industry has been established,” Hà told Tin tức (News) newspaper.

According to Director of the National Cyber Security Centre Colonel Lê Xuân Thủy, since the end of 2023, six ransomware attacks on Vietnamese businesses in banking, securities, energy, postal services and telecommunications have been recorded.

Colonel Thủy added that in the wake of these serious cyberattacks, most organisations failed to report issues to authorities.

Nguyễn Minh Chính, Director of the Ministry of Public Security’s Department of Cyber ​​Security and High-tech Crime Prevention (A05) said that personal data leaks were common in the cyber sphere, with many internet users unaware of the need to protect their own information.

These leaks could come from their public posts or were stolen during data transfer and storage.

The sale and purchase of personal data, both raw and processed, were rampant, he added.

This situation stemmed from businesses and service providers allowing third-party partners access to their customers’ data without strict regulations and obligations.

In other cases, businesses actively collect their customers’ information to form their own database, which is then analysed and processed for commercial purposes.

Systematic data trade

Experts observed that personal data trade is now being conducted systematically, and in some cases, with warranty or updates per the buyer’s request.

Most of the transactions are done openly over extensive periods of time on the internet, whether through websites, social media or hacker forums.

“The sale and purchase of personal data are not scattered between individuals, there is involvement of businesses and organisations,” said A05 director Chính, explaining how new companies often illegally collect personal data for commercial purposes through tools hidden on websites.

Malware spread in the online sphere and attacks on the computer systems of other businesses and organisations also pose threats to databases, according to Chính.

A05 statistics showed that the public security ministry cracked down on hundreds of individuals and organisations engaging in personal data trade, with several cases of large-scale data theft.

The amount of illegally collected and traded personal data from these cases reached thousands of gigabytes.

The ministry has also actively detected and investigated 16 cases of leaked internal data and state secrets on the internet.

In response to the increasingly rampant illegal data trade, the public security ministry has advised the government and National Assembly on the development of Decree 13/2023/NĐ-CP on personal data protection.

The ministry is also assigned to lead and coordinate the drafting of the Law on Personal Data Protection to protect citizens’ rights to personal privacy, human rights and cyber security.

Meanwhile, the Research and Consulting Committee for Technology Development and International Cooperation (under the National Cybersecurity Association) proposed establishing a collaborative information platform.

This platform is expected to be connected to databases of the Ministry of Public Security, Ministry of Information and Communications, the State Bank of Vietnam, cybersecurity organisations in the country and globally, as well as independent cybersecurity experts.

Vũ Ngọc Sơn, head of the committee said: “Sharing information is the best way to offer members of the association a comprehensive view of the situation and latest cybersecurity intelligence.

“This will help them identify and actively respond to new threats, thereby enhancing security.” — VNS