10th Grader Hacks National Vaccination System, Sells 20 Million Personal Records
Severity: High (Score: 66.0)
Sources: News.Tuoitre.Vn, Vietnam.Vn
Published: · Updated:
Keywords: police, dong, cyber, security, high-tech, crime, prevention
Summary
On June 5, 2026, a 10th-grade student from Nghe An Province was prosecuted for illegally accessing the National Immunization Information System. The student, N.H.A., exploited security vulnerabilities to collect and sell nearly 20 million personal records, earning over 100 million VND. The investigation revealed that he self-taught programming and used online resources to develop algorithms for the hack. Authorities emphasized the serious threat this poses to privacy rights and warned of potential fraud risks. The police have initiated measures to strengthen cybersecurity and prevent similar incidents. Legal consequences for such actions include fines and imprisonment under Articles 288 and 289 of Vietnam's Penal Code. The case highlights the need for better education on cybersecurity and legal implications among youth. Key Points: • A 10th-grade student hacked the National Immunization Information System. • Nearly 20 million personal records were stolen and sold for over 100 million VND. • Authorities are urging improved cybersecurity measures to prevent future breaches.
Detailed Analysis
**Impact** Approximately 20 million personal records of Vietnamese citizens nationwide were compromised and sold by a 10th-grade student. The data breach affects the National Immunization Information System managed by the Ministry of Health's General Department of Preventive Medicine. The illicit sale of data poses risks of privacy violations, fraud, and financial scams. The incident impacts public health data integrity and citizen privacy across Vietnam. **Technical Details** The attacker exploited security vulnerabilities in the National Immunization Information System by developing custom programming algorithms learned through online resources. The attack involved unauthorized access to computer and telecommunications networks, with no specific malware or CVEs identified. The breach was detected after multiple accounts offered large volumes of personal data for sale in closed online groups. No detailed infrastructure or IOCs were provided. **Recommended Response** Organizations managing sensitive data should conduct immediate security audits to identify and patch vulnerabilities in their systems. Deploy monitoring for unauthorized access attempts and anomalous data exfiltration activities. Strengthen access controls and user authentication mechanisms, especially for critical public health systems. Authorities and institutions should increase cybersecurity awareness and legal education among youth and enforce strict penalties for illegal data handling.
Source articles (2)
- Tenth — Vietnam.Vn · 2026-06-11
According to sources from the Cyber Security and High-Tech Crime Prevention Department of the Lam Dong Provincial Police, on June 5, 2026, the Cyber Security and High-Tech Crime Prevention Departm… - Vietnamese 10th grader allegedly hacks national vaccination system, sells 20mn personal records — News.Tuoitre.Vn · 2026-06-11
Police in Lam Dong Province in the Central Highlands region said on Wednesday that they had launched criminal proceedings against N.H.A., a 10th-grade student residing in Quan Thanh Commune, Nghe An P…
Timeline
- 2026-06-05 — Student prosecuted for hacking: N.H.A. was charged with illegally accessing the vaccination system and selling personal data.
- 2026-06-05 — Investigation launched: Cybersecurity officials discovered accounts selling large volumes of personal data, prompting an investigation.
- 2026-06-11 — Police announce findings: Authorities reported the student sold nearly 20 million records and earned significant illicit profits.
Related entities
- Data Breach (Attack Type)
- Ministry Of Health (Company)
- Vietnam (Country)
- CWE-200 - Exposure of Sensitive Information (Cwe)
- Love (Malware)
- T1041 - Exfiltration Over C2 Channel (Mitre Attack)