Recently, a new leak was discovered on BreachForums during a routine monitoring of the platform. The leak includes confidential information related to PetroVietnam, the trading name of the Vietnam Oil and Gas Group. This company has become the country’s largest oil producer and second-largest power producer, and its activities cover all operations from oil and gas exploration and production to storage, processing, transportation, distribution, and services.
The leak specifically includes information related to Long Son Petrochemicals Company Limited (LSP), a Vietnamese company established to develop, construct, and operate Vietnam’s first integrated petrochemicals complex. The project is located in Ba Ria-Vung Tau province and includes a world-scale grassroots mixed-feed cracker, downstream polyolefins plants, central utilities unit, port, jetty, storage facilities, and other associated facilities.
In addition, the leak contains information about POSCO E&C, a total construction company founded in December 1994, aiming to become a global E&C company based on plant engineering technology, know-how, and talented human resources accumulated from experience accrued in building the world-renowned top-tier integrated steelworks of POSCO. POSCO E&C carries out a series of projects ranging from project planning to design, construction, and test operations, earning trust from clients in various sectors, including steelmaking, environmental and energy plants, new town development, and high-rise building construction.
The leaked information includes tons of schematics for various infrastructure and piping, business registration documents, employee information, and contract agreement documents. This information could be highly sensitive and valuable to competitors or adversaries looking to gain an advantage in the industry. Companies such as PetroVietnam and its subsidiaries must be highly cautious and take extra steps to protect their confidential information to prevent such leaks.
It is important to note that leaks like this one should serve as a reminder to all companies to review their cybersecurity practices, especially in a world where cyberattacks are becoming more frequent and sophisticated. Companies should make sure their employees are trained in cybersecurity best practices, regularly update and patch their systems, and conduct regular risk assessments to identify and mitigate potential vulnerabilities.