Illustrative image (Photo: VNDirect) The document, signed by Doan Thanh Tung, Director of theInformation Technology Department of the State Securities Commission, statedthat a securities company recently experienced an attack on its informationtechnology system, resulting in the temporary suspension of its securitiestrading system.
To ensure the safe, stable and smooth operation of the securitiesmarket, the State Securities Commission has instructed the company to ensurethe security and continuous operation of its information technology systems andbackup databases in accordance with Article 89, Clause 10 of the Securities Law2019.
Additionally, the company is urged to proactively review andexamine security measures for its information technology systems, particularlythe securities trading system and internet-connected systems, to promptlyaddress any security vulnerabilities.
The State Securities Commission emphasised the importance ofconducting online transaction process checks, risk control procedures, systemand data backup procedures, as well as implementing measures to mitigatepotential security risks.
"In the event of any signs of compromised security, thecompany must take immediate and focused action to resolve and rectify thesituation, promptly reporting to the State Securities Commission, stockexchanges and relevant authorities for coordination and resolution," thedocument stated.
The State Securities Commission further requested the company todiligently and expeditiously conduct a review, examination and provide a planfor remedial actions (if necessary) to the State Securities Commission andrelated entities before April 1.
As previously reported, on March 25, the VNDirect Securities Companysubmitted a report to the State Securities Commission regarding the incident.
According to the report, the incident occurred at 10am on March 24at the DC Fornix Duy Tan. The system was attacked by an international hackerorganisation, resulting in the temporary inability to log in to the entiretrading platform.
The company confirmed that the incident caused disruption intrading activities but assured that it did not affect the status of customersecurities accounts.
Assessing the risks, VNDirect stated that the incident impactedthe market, customers, the trading system, and related systems. Customers wereunable to log in for online transactions. However, the company affirmed that noactual damages have been incurred.
To address the incident, on the morning of March 25, VNDirectcollaborated with partners FPT and Viettel to handle and rectify the situation,ensuring the safety of customer information and assets.
As of the morning of March 26, the trading system was still notreconnected.
On the afternoon of March 25, the HCM Stock Exchange (HOSE)temporarily suspended VNDirect's trading connection with HOSE until the companyfully resolves the incident.
Similar incidents also affected Post and Telecommunication JointStock Insurance Corporation (PTI), which is related to VNDirect. PTI announcedon their official website that their system was attacked starting from 10am onMarch 24.
Additionally, I.P.A Securities Investment Fund Management LimitedCompany (IPAAM), also connected to VNDirect, experienced a similar issue ofbeing unable to access their system.
Both PTI and IPAAM have significant shareholders, includingVNDirect and authorised shareholders (accounting for 42.33%), as well as DBInsurance Company from the Republic of Korea (accounting for 37.32%).
IPAAM was established in 2008 and was wholly owned by VNDirect.However, as of December 2023, VNDirect completed the transfer of 100% of itscapital contribution in IPAAM to the IPA Investment Group.
Similarly to VNDirect, as of the morning of March 26, the systemsof PTI and IPAAM are still inaccessible./.
VNA
