HomeBlogVietnam: Major Attacks & Changes to Personal Data Protection Law
Back
BACK TO BLOG LIST
Vietnam: Major Attacks & Changes to Personal Data Protection Law
18.06.2025

Major news is coming from Vietnam. This roundup will provide details on officials sharing information about recent attacks on critical sectors, as well as the National Cybersecurity Center's development of support initiatives for local businesses. Additionally, the new draft Personal Data Protection Law is being discussed publicly. This law includes revenue-based fines for violations, a prohibition on the trade of personal data, and an emphasis on the rights of individuals whose data is being collected and processed.

The National Cybersecurity Center (A05), under the Ministry of Public Security, has made a series of statements regarding recent cyberattacks. The deputy director of A05 stated that criminals have targeted critical Vietnamese sectors, such as energy, finance, healthcare, and media. One commercial bank has fallen victim to these attacks, resulting in direct financial losses of 100 billion VND (approximately $4 million).

These incidents highlight the current security challenges faced by Vietnamese companies. Over half of these companies lack necessary tools or personnel. For example, the victim bank had an SOC (Security Operations Center), but due to a lack of skilled professionals, it functioned only during business hours. Intruders, on the other hand, attacked during the night, when the bank's security perimeter was vulnerable.

Representatives from A05 also provided information about another set of incidents. In April 2025, criminals targeted Vietnamese news organizations. According to officials, three major agencies were compromised, allowing criminals to gain access to internal data. The disclosure of sensitive information could potentially pose a risk to national security.

Attacks on media outlets pose a severe threat to the Vietnamese companies. News companies operate on shared technology platforms developed by local vendors. One successful data breach could potentially compromise multiple agencies, as criminals would replicate the same techniques and tactics.

Cybercrime is a growing concern in Vietnam, with the number of incidents increasing each year. In 2024, cyberattacks increased by 60%, with 659,000 attacks reported. As a result, 46% of both public and private organizations in Vietnam had been affected by security breaches by the end of last year.

Due to the increase in the number of cyberattacks, Vietnamese governmental bodies are working on addressing the rising challenges. For instance, the National Cybersecurity Center is preparing to publish a national cybersecurity index to assist businesses and public organizations in assessing their readiness to defend against attacks.

According to the Cisco survey data, only 11% of Vietnamese companies have “mature” cybersecurity capabilities. However, the positive statistics is that the number of mature organizations doubled in comparison with the previous year. Despite that, a survey conducted by the National Cybersecurity Association revealed some worrying facts:

  • 87% had no data backup or recovery plan,
  • 89% lacked a security operations center (SOC),
  • 2% had not implemented ISO standards,
  • 6% had no dedicated cybersecurity staff.

To address information security challenges, the Vietnamese government is deploying support initiatives, such as the National Standard on Cybersecurity for Critical IT Systems, and working on global legal frameworks.

One such major law, a cybersecurity law, is planned to be presented at the National Assembly in October 2025. It will unify the 2015 Law on Information Security and the 2018 Law on Cybersecurity in a single legal act.

Another major law is currently being discussed by the NA Committee for National Defense, Security, and Foreign Affairs. A draft Personal Data Protection Law introduces strong data subject rights and proposes high penalties, including revenue-based fines, for potential violations.

There are several key changes in the upcoming draft.

  • The law applies to all individuals and organizations that process personal data about Vietnamese citizens.
  • The draft introduces a principle for differentiation of violations based on their nature, severity, and consequences. The penalties vary from administrative sanctions to criminal prosecution, with compensation for any caused damage on top of that.
  • Those who buy or sell personal data without permission could face a fine of up to 10 times their illicitly gained revenue. For companies that engage in cross-border data transfers without authorization, the fine could be up to 5% of their previous year's revenue. Other violations could result in fines of up to VND 3 billion ($112,000), with individuals facing half of that amount.

The purpose of these changes is clear. The government is working on the creation of a seamless legal field for companies of various sizes. The end goal is to facilitate businesses aligning with the best security practices.

The draft law prohibits buying and selling personal data, as it is directly connected to human rights, privacy, and identity. Additionally, the upcoming law bans several high-risk activities. The list includes:

  • Processing personal data to oppose the State,
  • Obstructing data protection activities,
  • Abusing data protection activities to violate the law,
  • Illegally collecting, storing, transferring, and disclosing personal data,
  • Misusing personal data.

Officials have yet to finalize the draft Personal Data Protection Law. However, there are several key ideas. There is emphasis on the protection of human rights related to personal data. On the other hand, the Vietnamese government is creating a set of legal measures to form an effective deterrent for businesses and organizations. Therefore, businesses will need to rethink their cybersecurity approach and allocate resources for effective protection.

Vietnamese businesses and public entities are facing an increasing number of cyberattacks. At the same time, the government is imposing stricter penalties and fines for violations of data protection regulations. Consequently, legal compliance and security are becoming top priorities for companies operating in Vietnam, both local and international.

Managed Security Service (MSS) may be a response to existing challenges in conditions of uncertainty. These services provide access to highly skilled and trained security professionals, which can be difficult to find in the local market. In addition, MSS offers a comprehensive software package that includes cutting-edge security solutions. The service ensures comprehensive protection for sensitive data and helps with compliance with local regulations. MSS delivers immediate results by addressing legal and security concerns.

Start your free 30-day trial now!

BACK TO BLOG LIST
Letter Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.
FileAuditor
DLP
Risk Monitor
ProfileCenter
SIEM
MSS
MSSP
Cloud Deployment
Contact
About Our Company
Our Clients
Press About Us
Press Kit
White Papers
Third-party integration
Research
Practices and use cases
Videos
Company News
Product News
Events
Blog
Compliance
Data Loss Prevention
Investigation
Data at Rest Discovery
Data Encryption
Data Visibility
Data Classification and Protection
Time Tracking and Employee
Monitoring
Corporate Fraud Mitigation
C-level executive
Risk manager
Internal audit officer
Compliance manager
Information security analyst
Chief Human Resources Officer
Business Services
Education
Financial Services
Government
Insurance
Manufacturing
Healthcare
Retail
Energy
Hospitality
Construction
SearchInform partners
Become a partner
Partner login
SearchInform products are recognized by
Gartner The Radicati Group
Follow us:
© 2025 SearchInform LTD All rights reserved.
Terms of Use
Licence
Privacy&Cookies
Cookie settings