A Data Breach Of Epic Proportions In Vietnam

As of September 13, some individuals whose names appeared in sample files being circulated on the dark web said they had received no warnings, no protection and no explanation.

The leaked dataset, according to security experts, included:

• Full personal identification (ID numbers, passports, driving licenses)
• Biometric data and medical records
• Tax codes, income and debt information
• Credit card and banking records
• Employment, education and residence history
• Government, police and military personnel profiles

This isn't just a privacy issue; it's a national security breach. When foreign intelligence services can buy profiles of Vietnamese government officials and military members for less than the cost of a luxury car, no law or slogan can compensate for the damage done.

In a tone-deaf public notice, police authorities urged citizens to remain vigilant and“protect themselves” against identity theft and cybercrime, placing the burden back on the victims.

The irony is stark: the state collects data without consent, fails to protect it and then blames the people for not being digitally literate enough to defend themselves.

This contradiction is particularly jarring in the context of the government's recent push for a“digital literacy campaign.” On September 13, General Secretary To Lam praised the launch of“Digital Mass Literacy – Digital Parliament” as part of Vietnam's national modernization.

At the same time, he admitted that most citizens and even government officials lack fundamental knowledge about data protection or digital transformation.

The Ministry of Public Security's draft legislation envisions a future where data is commodified, yet claims to prioritize national security and individual privacy. But the CIC breach reveals a harsh truth: Vietnam does not yet have the technical or institutional capacity to manage that dual mandate.

General Vu Van Tan, head of the Cybersecurity Department, recently stated that data should not sit idly in databases but rather should be“shared and monetized to generate value for society.”

But when the value of data outweighs the commitment to protect it, citizens are no longer stakeholders – they are vulnerable bystanders.

To restore trust, Vietnam needs more than draft laws and slogans. It needs:

• A public apology and immediate notification to all affected individuals
• Independent oversight of any future data exchanges
• Strict liability for state and corporate entities involved in data mishandling
• Investment in real cybersecurity infrastructure, not just propaganda
• Clear legal pathways for compensation to citizens harmed by data breaches

Most importantly, the Vietnamese government must recognize that data rights are human rights. Without accountability, security and consent, the promise of a“digital society” becomes instead a digital trap.

Sign up for one of our free newsletters

• The Daily Report Start your day right with Asia Times' top stories
• AT Weekly Report A weekly roundup of Asia Times' most-read stories

Nguyen Ngoc Nhu Quynh, also known as Mother Mushroom, is a Vietnamese writer, dissident and former political prisoner. She currently lives in exile in the United States and advocates for transparency, data rights and civil liberties across Southeast Asia through WEHEAR, a non-governmental organization she co-founded.

Sign up here to comment on Asia Times stories Or Sign in to an existing accoun

Thank you for registering!

An account was already registered with this email. Please check your inbox for an authentication link.

• Click to share on X (Opens in new window) X
• Click to share on LinkedIn (Opens in new window) LinkedIn
• Click to share on Facebook (Opens in new window) Facebook
• Click to share on WhatsApp (Opens in new window) WhatsApp
• Click to share on Reddit (Opens in new window) Reddit
• Click to email a link to a friend (Opens in new window) Email
• Click to print (Opens in new window) Print