Vietnamese Police Bust Major Personal Data Trafficking Ring, Exposing a Market for Stolen Information (Vietnamese below)

Vietnamese authorities have dismantled a criminal ring that illegally bought and sold a staggering 56 million personal data records, exposing the vast scale of illicit data trade in the country. The operation, which involved stolen information from government employees, corporate staff, and ordinary citizens, highlights growing concerns over data privacy in Vietnam.

56 Million Personal Data Records Sold for Profit

On February 12, 2025, Hue City’s Cybersecurity and High-Tech Crime Prevention Department announced the successful dismantling of a massive illegal data trade network. The operation, led by Colonel Mai Van Toan, resulted in the arrest of three individuals involved in selling millions of stolen personal records for illicit profits.
The scheme was masterminded by Le Cong D., a 28-year-old residing in Hanoi. D. and his associates used disposable SIM cards and non-traceable bank accounts—often acquired through online black markets—to create fake social media accounts. These accounts were used to distribute, sell, and further exploit sensitive personal data across multiple provinces and cities in Vietnam.

According to the investigation, since 2019, D. had accumulated and sold over 53 million personal data records. Further inquiries led to the arrest of two other key figures, N.M.T. (26 years old) and D.T.L. (43 years old), both based in Ho Chi Minh City, who had collectively been involved in trafficking an additional 2.6 million records. Their illegal dealings generated billions of Vietnamese dong (equivalent to hundreds of thousands of U.S. dollars) in profits.

How Was the Data Stolen?

Authorities have not disclosed the exact sources of the leaked data, but cybersecurity experts suggest that such a vast trove of information could not have been collected manually. Instead, investigators suspect the data was siphoned from government agencies, financial institutions, healthcare providers, and private corporations—either through insider leaks, system breaches, or unauthorized data sharing.

In recent years, Vietnam has seen an increase in cases where individuals and businesses receive unsolicited calls, emails, and text messages from unknown parties offering financial services, real estate deals, and fraudulent insurance schemes. Victims often report that these callers already possess their full names, phone numbers, addresses, and even official ID numbers, suggesting a major breach of personal data security.
One concerned citizen, commenting on the case, wrote:

“Where did these criminals get their hands on 56 million records? They couldn’t have collected them one by one—there must have been a massive data leak somewhere.”

The Dangers of Data Breaches

This case serves as a wake-up call for Vietnamese citizens and institutions alike. Personal data theft is not just about spam calls or annoying sales pitches—it can lead to identity theft, financial fraud, and blackmail.
Common scams linked to stolen data include:

Fake government and banking calls: Scammers impersonate police officers, tax officials, or bank employees, demanding payments or access to sensitive information.

Insurance and loan fraud: Criminals use stolen details to take out loans or insurance policies in someone else’s name.

Corporate espionage: Competitors or fraudsters exploit employee and client databases for financial gain.

Social engineering attacks: Fraudsters manipulate victims into providing further information or access to accounts.

A victim from Ho Chi Minh City shared her experience:

“I was sleeping when I got a call demanding I pay my electricity bill, threatening immediate disconnection. They knew my name, ID number, and address—everything. It was terrifying.”

Authorities Urge Stronger Cybersecurity Measures

In response to the case, Colonel Mai Van Toan has urged citizens and businesses to take stricter precautions to safeguard their personal data. His recommendations include:

Regularly changing passwords and enabling two-factor authentication (2FA) for online accounts.

Verifying the identity of callers and email senders before sharing any personal details.

Reporting suspicious requests that claim to come from government agencies or financial institutions.

Limiting the amount of personal data shared on social media and unsecured platforms.

The Vietnamese government has been working on stronger data protection laws, with proposals to criminalize unauthorized data trading and increase penalties for businesses and individuals found guilty of mishandling customer information.

Growing Calls for Stricter Regulations

As the investigation into this data theft case continues, many in Vietnam are demanding greater accountability from organizations handling sensitive information. Some commenters have called for real estate firms, banks, and insurance companies—which frequently buy personal data for telemarketing purposes—to face stricter scrutiny and legal consequences.

One social media user stated:

“The law should not just punish those who sell data—it should also go after those who buy it. How many times have banks and real estate agents called us using stolen personal information?”

Cybersecurity experts argue that Vietnam needs stronger enforcement mechanisms and transparency requirements for companies that collect and store personal data. Without these measures, citizens will remain vulnerable to exploitation, and cybercriminals will continue to find ways to profit from stolen information.

The Bigger Picture: A Global Trend in Data Theft

The exposure of this criminal network in Vietnam mirrors a broader global trend: personal data has become one of the most valuable commodities in the digital age. Across the world, black markets thrive on stolen information, fueling identity fraud, phishing attacks, and ransomware schemes.

With billions of personal records circulating online, experts emphasize that governments and individuals must remain vigilant. From strengthening legal protections to investing in cybersecurity awareness, safeguarding personal data is now more critical than ever.

As authorities work to dismantle more data trafficking networks, the case of the 56 million stolen records serves as a stark reminder: in an era where information is power, personal data protection is no longer an option—it is a necessity.

Công an TP Huế vừa triệt phá đường dây mua bán hơn 56 triệu dữ liệu cá nhân, thu lợi hàng tỉ đồng, theo báo Tuổi Trẻ.

Sáng 12-2, thượng tá Mai Văn Toàn, trưởng Phòng An ninh mạng và phòng chống tội phạm sử dụng công nghệ cao Công an TP Huế, cho biết đơn vị vừa phá thành công chuyên án mua bán dữ liệu cá nhân “khủng”, khởi tố 3 người có liên quan.
Theo đó, từ cuối năm 2024, Công an TP Huế phát hiện đường dây mua bán trái phép thông tin dữ liệu cá nhân của công dân trên toàn quốc. Trong đó có lượng lớn dữ liệu cá nhân tại TP Huế, gồm dữ liệu của cán bộ, công chức, viên chức, nhân viên các công ty và công dân.

Xác định đây là vụ việc phức tạp, Phòng An ninh mạng và phòng chống tội phạm sử dụng công nghệ cao Công an TP Huế đã phối hợp với các lực lượng nghiệp vụ của Bộ Công an tiến hành điều tra.
Công an phát hiện đường dây mua bán trái phép trên do Lê Công Đ. (28 tuổi, ngụ TP Hà Nội) cầm đầu. Đ. và nhiều người ở các tỉnh, thành phố khác đã sử dụng sim “rác”, tài khoản ngân hàng không chính chủ (mua, thuê lại của người khác) rồi tạo các tài khoản ảo trên các mạng xã hội để thực hiện hành vi phạm tội.

Theo điều tra, từ năm 2019 đến nay, Lê Công Đ. đã thu thập, mua bán trái phép hơn 53 triệu thông tin dữ liệu cá nhân.

Tiếp tục đấu tranh mở rộng, công an đã khởi tố thêm 2 người là N.M.T. (26 tuổi) và D.T.L. (43 tuổi, cùng ngụ TP.HCM) vì hành vi thu thập, mua bán hơn 2,6 triệu thông tin dữ liệu cá nhân trái phép. Tổng cộng 3 người trên đã mua bán gần 56 triệu dữ liệu cá nhân, thu lợi bất chính hàng tỉ đồng.

Theo thượng tá Mai Văn Toàn, người dân nên thường xuyên thay đổi mật khẩu, sử dụng xác thực hai yếu tố, cẩn thận khi chia sẻ thông tin cá nhân cho người khác. Cần kiểm tra, xác thực thông tin khi có yêu cầu tự xưng là cán bộ cơ quan nhà nước, nhân viên các ngân hàng, nhà mạng… đề nghị cung cấp thông tin cá nhân.