Personal data of millions of Vietnamese citizens is being sold for as little as VND 1,000 (4 US cents) to VND 4,000 (16 US cents) per record on Telegram, Zalo, and Facebook fan pages, Viettimes has reported.
Sellers offered a reporter for the publication tailored datasets by profession and location, offering to transfer the files within 5–10 minutes of receiving payment.
Key points in the article:
- Reporters uncovered brokers offering residential, financial, and education-related data, including Vinhomes apartment owner lists sold for as low as VND 500,000 (US$20).
- Data leaks were traced to service providers such as hospitals or property managers, with little enforcement against those responsible.
- Viettel Cyber Security reported a 380 percent year-on-year surge in leaked Vietnamese data in Q1 2025, totalling 155 million records.
- Vietnam accounted for 12.9 percent of global account thefts in the same period.
Of note, foreign companies collecting customer or employee data in Vietnam are subject to Decree 13/ND-CP on Personal Data Protection, which includes localisation requirements and strict prohibitions on unauthorised data sharing. Even if the leak originates from a third-party contractor or local partner, the foreign brand may still face legal liability and reputational fallout.
On that note, given the environment of rampant data leakage and weak enforcement, merely following the law is really not enough—firms should consider going beyond compliance when it comes to how they store and manage data collected in Vietnam.