Billions of Vietnamese people’s personal information is trafficked

## A representative of the Ministry of Public Security said that Vietnamese people’s data is often collected through spreading malicious code, attacking servers, exploiting vulnerabilities. At the Vietnam Security Summit 2023 event on June 2 in Ho Chi Minh City, Major General Nguyen Van Giang, Deputy Director of Cybersecurity and High-Tech Crime Prevention and Control – the Ministry of Public Security, said recently that the police force The agency has prosecuted five cases with thousands of GB of data, including billions of personal information being bought and sold. The collected, traded data contains personal information about users such as full name, date of birth, ID/CCCD number, address, phone number or list of employees, working position at enterprises, organization. According to Mr. Giang, to collect the above data, cybercriminals perform through four main trends. The first is an attack to distribute malicious code to appropriate, steal, encrypt data or blackmail. From the information obtained, criminals use it for fraudulent purposes; debt collection, ransom; act as a springboard for attacks to escalate and appropriate data containing state secrets on socio-economic, national defense and security. The second trend is attacks through the supply chain, stemming from businesses sharing and developing solutions to connect data through APIs, but being used by criminals to steal information. “Many businesses allow suppliers to access sensitive information and data that can affect their businesses and customers,” said Mr. Giang. In the trend of operating services using cloud computing (cloud), the Deputy Director assessed this as an advanced solution, but vulnerable to cybercriminals. Once attacked, data will be completely stolen, causing especially serious damage if advanced and timely security solutions are not deployed. The fourth trend is exploiting security holes, appearing more and more on platforms, from hardware, core services to operating systems. According to Mr. Giang, this is a prominent activity that threatens any agency and organization. The targeted system may contain vulnerabilities on servers using Windows Server, VMWare vSphere, Microsoft Exchange or IoT connection protocols of surveillance cameras, smart home devices such as TVs, air conditioners, routers line. “Most of the leaks are caused by humans” Security experts say people are the main factor leading to data leaks in the past time. Ho Trong Dat, Deputy Director of VNPT Cyber ​​Immunity (VCI), cited Egress’s statistics in 2021 showing that 84% of serious leaks stem from human errors, for example, employees do not comply with regulations. security regulations, employees are dissatisfied with the company and then install backdoors to attack. “It is extremely difficult to prevent leaks,” said Mr. Dat. Nguyen Xuan Nam, strategic director of Viettel Cyber ​​Security (VCS), said that their system in the first quarter of 2023 recorded 10 major leaks, including source code and customer data of technology companies. , retail units and many large universities in Vietnam. According to him, threats from within the organization are increasingly serious, the risk from this group in 2021 increases by 71% compared to the previous year. Experts say that organizations and businesses need to realize “human is a new type of firewall”, better define the role of internal members with possible data risks, then apply solutions, even tactics and technology to reduce the risk. Mr. Tran Dang Khoa, Deputy Director of Information Security Department – Ministry of Information and Communications, assessed that the situation of information insecurity and data security has taken place quite seriously in the world recently. Many organizations provide digital platforms with millions or even hundreds of millions of users exposed. Users are often harassed, scammed through forms such as emails, messages, phone calls. According to Mr. Khoa, Vietnam already has full legal provisions related to personal information, data safety, which is the foundation for data protection work. For individuals, he recommends that users treat personal data and information as an asset. “In some cases, this is a valuable asset, which must be carefully protected, avoiding easy sharing, sharing with third parties is not guaranteed. However, this principle is currently fundamentally unsatisfactory. applied or not fully applied,” he said. He recommended that each individual equip themselves with digital skills to protect themselves, not to provide arbitrary information in cyberspace, “because the information we provide does not pay attention to the protection of personal data. will someday become a double-edged sword against us,” Khoa said.