Cyber Incident Victim: Mobile World
Date:
Nov 2018
Location:
Viet Nam
Summary
A hacker disclosed sensitive customer data from Mobile World on RaidForums, including over 5.4 million email addresses and 31,000 bank card numbers—some revealing full 16-digit card details—allegedly obtained from transactions at the retailer. The company denied system compromise, asserting it does not store payment card information, attributing data handling to third-party POS terminals and online payment processors. Affected customers verified their leaked details corresponded with prior purchases. The incident triggered significant financial repercussions, with the corporation's market capitalization declining by approximately $28.2 million amid stock value decreases following the breach disclosure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In November 2018, Mobile World (MWG), a Vietnamese electronics retailer, faced a significant security incident involving the exposure of customer and employee data. On November 6, an individual using the alias "Erwincho" posted a file on RaidForums containing approximately 5.4 million email addresses purportedly belonging to Mobile World customers. The following day, November 7, the same account escalated the breach by releasing additional data including 31,000 bank card numbers with six digits obscured, later followed by a separate file containing full 16-digit card numbers. The leaked financial information included Visa, Mastercard, and domestic bank cards used in transactions at Mobile World stores. Some affected customers verified their card numbers appeared in the leaked records, confirming they had made purchases at The Gioi Di Dong (Mobile World's retail brand) within the preceding two years. The hacker also disclosed transaction location data spanning June 29 to July 18, 2017, and a separate file containing 61,000 employee email addresses formatted as ‘[email protected].’ Banking experts noted that while the initial leak lacked CVV codes and expiration dates, the hacker potentially possessed additional unreleased details that could facilitate fraudulent transactions.
Mobile World issued a public denial that their systems were compromised, asserting they did not store complete bank card information. The company clarified that point-of-sale (POS) terminals used in physical stores were bank-owned devices, with card data transmitted directly to financial institutions without retention by MWG. For online transactions, Mobile World stated customer information was processed through third-party payment gateways and not retained in their systems. Despite these claims, the breach impacted investor confidence, with MWG shares declining 1.8% (VND2,000 per share) by November 8, reducing the company’s market capitalization by VND650 billion ($28.2 million). The incident exposed at least 5.4 million customer email addresses, 31,000 financial records, and internal employee email data, though the exact method of data acquisition remained publicly contested. No customer financial losses were confirmed in the initial disclosures, but the scale of exposed information raised concerns about potential misuse.