Cyber Incident Victim: Hoa Sen Group

On or around August 21, 2020, cybersecurity firm Cyble discovered a data leak disclosure post by the Maze ransomware group during routine monitoring of deepweb and darkweb forums. The post claimed Maze had successfully compromised Hoa Sen Group (HSG), Vietnam’s largest manufacturer and trader of steel sheets and a leading regional exporter. Founded in 2001, HSG employed 7,100 staff across 343 subsidiaries and reported annual revenues of approximately $1.18 billion. Maze operators asserted possession of sensitive corporate data and threatened to release it publicly unless unspecified demands were met. Cyble analysts verified the authenticity of the leaked sample, which constituted 5% of the total stolen data—approximately 1.64 GB of files. The published archive contained employee offer letters, professionally taken staff photographs, resumes, academic certificates, and government-issued identity documents. No financial records, customer data, or operational systems were mentioned in the initial disclosure.

The attackers characterized the released data as a demonstration of their access and reiterated their intent to leak the remaining 95% if HSG failed to comply with their demands. The exposure of personally identifiable information (PII)—including IDs and employment records—created immediate risks of identity theft and phishing targeting HSG employees. Cyble publicly reported the breach to raise awareness about ransomware threats but did not disclose whether HSG had acknowledged the incident or initiated containment measures. The compromise highlighted Maze’s continued targeting of high-revenue industrial sectors, though the initial intrusion vector (e.g., phishing, vulnerabilities) and ransom demands remained unconfirmed in available disclosures. No subsequent data releases or operational disruptions at HSG facilities were documented in the analyzed source material following the initial leak announcement.