Three insider-risk cases SearchInform would have stopped: Vietnam, Indonesia, Malaysia

Every week somewhere in the world, a bank, a telco or an energy company discovers that its worst losses didn't come from outside hackers — they came from employees and contractors who had signed an NDA. The three incidents below — from Vietnam, Indonesia and Malaysia — show the exact insider scenarios the SearchInform platform is built to stop.

1. Vietnam — 13 banks, customer data sold on the black market

Vietnamese prosecutors charged a ring in which insiders at 13 banks abused their system access to extract and resell customer data — national ID, account numbers, addresses and phone numbers — for VND 300,000 to 2.2 million per record. Result: a wave of complaints, reputational damage and exposure under the new Personal Data Protection Law 91/2025/QH15.

What SearchInform DLP would have blocked: every export channel (USB, print, personal email, Telegram, cloud) is inspected, content is matched against a "financial customer data" policy, and bulk extractions are blocked at the action. Risk Monitor scores anomalous behaviour in parallel — a teller pulling 200 records after hours, for example — and alerts the security team within seconds.

2. Indonesia — Bank BCA, 20,000 customers exposed via the DarkNet

A former Bank Central Asia (BCA) employee was prosecuted after offering 20,000 customers' financial data on a DarkNet forum — online banking IDs, mobile numbers and transaction history. The incident only surfaced when customers reported suspicious activity.

How SearchInform handles this scenario: FileAuditor (DCAP) classifies sensitive files and tightens access by role. Any copy of a labelled file out of the server triggers a shadow copy and an incident — so the bank can investigate backwards instead of waiting for customer complaints.

3. Malaysia — Petronas, confidential bid documents leaked via USB and personal email

In 2025, Malaysia's Industrial Court reviewed a Petroliam Nasional Berhad (Petronas) dismissal of a department head with undisclosed ties to a contractor CEO. Court evidence showed confidential bid documents copied to USB, plus personal email containing flight tickets, cheque images and spouse account details — used for off-book payments.

What SearchInform Next-Gen DLP does: tight USB control with automatic file encryption on write — only corporate machines can open the file. Both corporate email and personal webmail are monitored, paired with AI policies that flag anomalies: a single user mailing both a bid file and a cheque image triggers an immediate alert.

4. The pattern — and why a perimeter-only DLP isn't enough

Three incidents, three countries, one pattern: legitimate users, legitimate channels (USB, email, print, cloud), no "hack" signature. Firewalls, EDR and traditional CASB see nothing wrong. Only a platform that combines DCAP + DLP + UEBA can ask the right question: "what is this authorised user doing with classified data, right now?"

5. Why DigiWorkHub picked SearchInform for the Vietnamese market

• Hours, not weeks, to deploy: FileAuditor, DLP and Risk Monitor share one platform — no stitched-together stack of five products.
• Built for Vietnamese compliance: Classification schemas pre-mapped to Law 91/2025/QH15, Decree 356/2025, the 116/2025 Cybersecurity Law and TCVN ISO/IEC 27002.
• On-prem or cloud: Meets in-country data-residency requirements for BFSI, telecom and the public sector.
• Authorized Vietnam partner since 05/2026: DigiWorkHub handles deployment, training and 24/7 operations — never through grey channels.

Conclusion

Insider losses are hard to quantify — until they hit the headlines. The Vietnam, Indonesia and Malaysia incidents share one feature: the victim organisation found out only after the damage was done. SearchInform + DigiWorkHub reverses that order.