9Pay affirms customer data security following cyberattack on the National Credit Information Center (CIC)

In response to the recent major cybersecurity incident at the National Credit Information Center of Vietnam (CIC) on September 10, 9Pay Joint Stock Company confirms that neither our customer data nor our systems have been affected.

According to the Vietnam National Cybersecurity Emergency Response Center (VNCERT), this was a criminal cyberattack aimed at seizing personal data, and is considered one of the most serious data breaches ever recorded in Vietnam.

9Pay does not share or transmit any customer or company data to CIC. Therefore, all personal information, card details, and transaction data of 9Pay customers remain entirely unaffected by the CIC incident.

To ensure maximum protection, 9Pay has implemented rigorous security measures, including:

• Full compliance with Vietnam’s personal data protection laws and the State Bank of Vietnam’s regulations
• PCI DSS certification, ensuring the security of all card-related data
• End-to-end encryption of all payment and personal identification data
• Quarterly internal reviews and audits
• Annual independent assessments by international organizations

Notably, 9Pay has been certified at PCI DSS Level 1 – the highest and most stringent standard of the Payment Card Industry Data Security Standard – guaranteeing that every transaction processed through 9Pay’s payment gateway adheres to global security requirements.

As a fintech company specializing in digital payment platforms, 9Pay serves hundreds of thousands of customers and processes transactions every day. Recognizing the critical importance of data security, we continuously review and enhance all activities related to the storage, transmission, and use of personal data. At the same time, we proactively educate customers and partners on rising risks of fraud and scams, including:

• Fake bank/CIC impersonation to steal OTPs and passwords
• Loan scams disguised as CIC debt clearance
• Unauthorized registration of financial services (e-wallets, instant loans)
• Fraudulent advertising or spam related to credit and lending

Internally, 9Pay enforces strict security protocols for all employees, such as:

• Prohibiting the sharing of login credentials for internal systems
• Never disclosing OTPs or passwords via phone, email, or unofficial channels
• Regular password updates and mandatory two-factor authentication (2FA) on critical accounts
• Staying vigilant against phishing messages or calls impersonating CIC, banks, or lenders
• Avoiding access or downloads from suspicious links or leaked data sources related to recent cyberattacks

Mr. Nguyen Thanh Trung, CTO of 9Pay, emphasized:
“9Pay is fully committed to safeguarding customer information in strict compliance with information security regulations and international standards. We will continue to work closely with authorities while strengthening awareness and guidance to help customers and partners stay vigilant against the increasing fraud attempts following the CIC incident.”