Alleged Breach of KBank Vietnam Exposes 10.1 Million Credit Registration Records With National IDs, Salaries, Credit Scores, and Employer Details

Summary

A threat actor named hackboy claims to have stolen and is selling 10.1 million credit registration records from KBank Vietnam (Kasikornbank's Vietnamese subsidiary), extracted in February 2026 from the Kbank_Vietnam_Core system. The dataset includes highly sensitive personal identifiers (national ID numbers, names, dates of birth), employment details (job titles, salaries, employer names), financial profiles (CIC credit scores, risk classifications), and relationship/guarantor data. The breach enables identity theft, loan fraud, and targeted financial scams across Vietnam's banking system.

Full text

Dark Web Informer - Cyber Threat Intelligence Alleged Breach of KBank Vietnam Exposes 10.1 Million Credit Registration Records With National IDs, Salaries, Credit Scores, and Employer Details April 6, 2026 - 12:08:15 PM UTC Vietnam Banking / Financial Services Standalone API Access Now Available High-volume threat-intelligence data, automated ingestion endpoints, ransomware feeds, IOC data, and more. View API Unlock Exclusive Cyber Threat Intelligence Powered by DarkWebInformer.com Stay ahead of cyber threats with real-time breach tracking, expert analysis, and high quality evidence - built for security professionals, researchers, journalists, and everyday people who take their privacy seriously. Subscribe Now Quick Facts Date & Time 2026-04-06 12:08:15 UTC Threat Actor hackboy Victim KBank Vietnam (Kasikornbank) Industry Banking / Financial Services Category Data Breach Total Records 10,152,989 Extraction Date February 2026 Source System Kbank_Vietnam_Core Severity Critical Price Contact Seller Network Open Web Country Vietnam Incident Overview A threat actor going by hackboy claims to be selling credit registration data from KBank Vietnam (Kasikornbank's Vietnamese operations), including both accepted and pending loan applications. The dataset allegedly contains 10,152,989 records extracted in February 2026 from the Kbank_Vietnam_Core system. This is a major banking data breach that exposes the full financial profile of millions of Vietnamese loan applicants. The sample data and field listing reveal an exceptionally detailed per-record structure. Each registration includes: Identity Data: Customer IDs, full names (Vietnamese), national ID numbers (CMND/CCCD, Vietnam's citizen identification), dates of birth, and phone numbers. Residential Data: Full home addresses including ward, district, and city details. Employment and Income: Job titles, base salaries, employer names, and work locations. The sample data shows specific company names, salary figures, and position titles for each applicant. Credit Data: CIC credit scores (Vietnam's Credit Information Center scores used by all Vietnamese banks for lending decisions), risk classifications (the sample shows "Watchlist_B" categorization), and branch names (Sunwah Branch HCM in the sample). Relationship Data: A relationship field is included in each record, suggesting the database captures family or guarantor connections between applicants. Profile Classification: Profile type fields categorize each record's loan application status. System Metadata: Export dates (the sample shows April 6, 2026 at 13:17:51), security tags marked "CONFIDENTIAL-INTERNAL-USE", and system origin tagged as "Kbank_Vietnam_Core". The combination of national ID numbers, salaries, employer details, credit scores, and risk classifications makes this one of the most complete financial identity datasets to appear in a breach listing. For affected individuals, this data is sufficient for loan fraud, identity theft, social engineering against their employers, and targeted financial scams. The CIC credit scores are particularly sensitive because they are used across Vietnam's entire banking system for credit decisions. Compromised Data Categories Customer IDs Full Names (Vietnamese) National ID Numbers (CMND/CCCD) Dates of Birth Phone Numbers Home Addresses Job Titles Base Salaries Employer Names Work Locations CIC Credit Scores Risk Classifications Bank Branch Names Relationship / Guarantor Data Loan Profile Types Image Preview Claim URL Subscriber Access Required The original listing URL and unredacted claim images are available on the Threat Feed and Ransomware Feed for paid subscribers. Subscribe Subscriber Access View the original listing URL and unredacted claim images on the feeds below. Threat Feed Ransomware Feed MITRE ATT&CK Mapping T1190 Exploit Public-Facing Application Targets vulnerabilities in the bank's web applications or core banking API to gain unauthorized access to the Kbank_Vietnam_Core credit registration database. T1213 Data from Information Repositories Extracts over 10 million structured credit registration records from the core banking system, pulling personal identifiers, financial profiles, employment details, and credit risk assessments. T1589.001 Gather Victim Identity: Credentials Harvests national ID numbers (CMND/CCCD), personal details, salary information, and credit scores for 10.1 million individuals, creating a comprehensive financial identity theft dataset. T1005 Data from Local System Extracts data directly from the core banking system with system metadata including export timestamps, confidentiality tags, and system origin identifiers confirming internal access. T1567 Exfiltration Over Web Service Advertises and sells the stolen banking data through web forums and Telegram, with samples and pricing available via direct message and middleman/escrow accepted. T1657 Financial Theft The combination of national IDs, salaries, employer details, and CIC credit scores enables loan fraud, identity theft, and targeted financial scams against millions of Vietnamese banking customers. Dark Web Informer © 2026 | Cyber Threat IntelligenceDarkWebInformer.com

Indicators of Compromise

• malware — Kbank_Vietnam_Core

Entities