Shwapno Database Hacked; Data of 4M Customers at Risk

In one of the largest corporate cyberattacks in Bangladesh’s history, hackers have breached the customer database of Shwapno, the country's leading supermarket chain. The attackers are reportedly demanding a ransom of $1.5 million (over 18.3 crore BDT) to restore access and prevent further leaks.

The breach, which was confirmed by Sabbir Hasan Nasir, Managing Director of Shwapno, has placed the personal information of approximately 40 lakh registered customers at risk. Shwapno, a subsidiary of ACI Limited, operates 812 outlets across 63 districts, making the scale of the exposure nationwide.

Reports of the hack intensified after sensitive details—including customer names, mobile phone numbers, and granular purchase histories—began appearing on social media platforms. One customer in Dhaka’s Gulshan recounted a chilling experience of verifying the leak by entering his wife’s phone number into the compromised database, only to immediately find her full transaction history and personal details visible.

MD Sabbir Hasan Nasir stated that while the company identified the intrusion recently, the hackers allegedly gained control of the website and database as far back as December last year. He emphasized that the company has refused to comply with the "unethical" ransom demands, which has led to increased threats from the attackers.

In response to the crisis, Shwapno has initiated a multi-layered investigation involving:

• The Counter Terrorism and Transnational Crime (CTTC) unit of the Bangladesh Police.

• Domestic and international forensic experts to assess the depth of the breach.

• Internal IT audits to strengthen cyber defenses and prevent future incursions.

While the company is moving toward filing a formal case, concerns remain over the delay in public notification. Despite the breach occurring months ago, Shwapno has not yet issued a direct warning to its millions of customers regarding the potential misuse of their data.

Security experts warn that the exposed purchase histories and phone numbers could be leveraged for targeted phishing attacks or financial fraud. Customers are advised to be cautious of unsolicited messages or calls appearing to be from Shwapno or related retail services.