State Securities Commission issues security warning following VNDirect system breach


To ensure the safe, stable and smooth operation of the securities market, the State Securities Commission has instructed the company to ensure the security and continuous operation of its information technology systems and backup databases.

The State Securities Commission issued a security warning late Monday stating that a securities company recently experienced an attack on its information technology system, resulting in the temporary suspension of its securities trading system. — Photo SSC

The State Securities Commission (SSC) issued a security warning late Monday regarding the online securities trading system of VNDirect Securities Company (VNDirect).

The document, signed by Đoàn Thanh Tùng, Director of the Information Technology Department of the State Securities Commission, stated that a securities company recently experienced an attack on its information technology system, resulting in the temporary suspension of its securities trading system.

To ensure the safe, stable and smooth operation of the securities market, the State Securities Commission has instructed the company to ensure the security and continuous operation of its information technology systems and backup databases in accordance with Article 89, Clause 10 of the Securities Law 2019.

Additionally, the company is urged to proactively review and examine security measures for its information technology systems, particularly the securities trading system and internet-connected systems, to promptly address any security vulnerabilities.

The State Securities Commission emphasised the importance of conducting online transaction process checks, risk control procedures, system and data backup procedures, as well as implementing measures to mitigate potential security risks.

"In the event of any signs of compromised security, the company must take immediate and focused action to resolve and rectify the situation, promptly reporting to the State Securities Commission, stock exchanges and relevant authorities for coordination and resolution," the document stated.

The State Securities Commission further requested the company to diligently and expeditiously conduct a review, examination and provide a plan for remedial actions (if necessary) to the State Securities Commission and related entities before April 1st.

As previously reported, on March 25, VNDirect Securities Co submitted a report to the State Securities Commission regarding the incident.

According to the report, the incident occurred on March 24 at 10am at the DC Fornix Duy Tân. The system was attacked by an international hacker organisation, resulting in the temporary inability to log in to the entire trading platform.

The company confirmed that the incident caused disruption in trading activities but assured that it did not affect the status of customer securities accounts.

Assessing the risks, VNDirect stated that the incident impacted the market, customers, the trading system, and related systems. Customers were unable to log in for online transactions. However, the company affirmed that no actual damages have been incurred.

To address the incident, on the morning of March 25, VNDirect collaborated with partners FPT and Viettel to handle and rectify the situation, ensuring the safety of customer information and assets.

Currently, as of the morning of March 26, the trading system is still not reconnected.

On the afternoon of March 25, the HCM Stock Exchange (HOSE) temporarily suspended VNDirect's trading connection with HOSE until the company fully resolves the incident.

Similar incidents also affected Post and Telecommunication Joint Stock Insurance Corporation (PTI), which is related to VNDirect. PTI announced on their official website that their system was attacked starting from 10am on March 24.

Additionally, I.P.A Securities Investment Fund Management Limited Company (IPAAM), also connected to VNDirect, experienced a similar issue of being unable to access their system.

Both PTI and IPAAM have significant shareholders, including VNDirect and authorised shareholders (accounting for 42.33 per cent), as well as DB Insurance Company from South Korea (accounting for 37.32 per cent).

IPAAM was established in 2008 and was wholly owned by VNDirect. However, as of December 2023, VNDirect completed the transfer of 100 per cent of its capital contribution in IPAAM to the IPA Investment Group.

Similarly to VNDirect, as of the morning of March 26, the systems of PTI and IPAAM are still inaccessible. — VNS

  • Share: