Shwapno customer database hacked, 40 lakh accounts at risk

The country's largest supermarket chain, Shwapno, has reported that its customer database was breached by hackers who are demanding a ransom of $1.5 million (over Tk 18.3 crore). The disclosure came after customer names, phone numbers and purchase histories began circulating on social media.

Sabbir Hasan Nasir, Managing Director of Shwapno, said the attackers took control of the company's website and database in December last year. He said they are seeking the ransom in exchange for restoring access.

Shwapno has over 40 lakh registered customers and runs 812 outlets across 63 districts. The exposed information includes customer names, mobile phone numbers and purchase histories.

Nasir could not confirm how much data had been compromised. He said the company is preparing to file a case.

Customers reported that after checking the leaked database, they found their personal details, including names, purchase histories and transaction data, were visible.

Shwapno, a subsidiary of ACI Limited, is working with domestic and international forensic experts, as well as the Counter Terrorism and Transnational Crime (CTTC) unit of police, to investigate the breach and strengthen its cyber defences.

Although Shwapno said it had taken steps to secure its systems, the company has not issued a public statement warning customers that their data may have been exposed.

Asked why no action was taken earlier despite the alleged breach occurring three months ago, Nasir said the company identified the intrusion only recently. "We do not want to compromise with this unethical hacking. When we stated that we would not participate in any unethical dealings, they responded with threats," he said.