Shwapno's database hacked; 40 lakh customers’ details at risk

Hackers seek $1.5 million ransom
Sukanta Halder

The country’s largest supermarket chain Shwapno has said hackers breached its customer database and are demanding a ransom of $1.5 million, or more than Tk 18.3 crore.

The disclosure came after customer names, phone numbers and purchase histories began circulating on social media.

Sabbir Hasan Nasir, managing director of Shwapno, told The Daily Star that hackers had taken control of the company’s website and database in December last year.

He said the attackers were seeking $1.5 million in exchange for restoring access.

Shwapno has more than 40 lakh registered customers. It runs 812 outlets across 63 districts. The exposed information includes customer names, mobile phone numbers and purchase histories.

However, Nasir could not confirm how much data had been compromised. He said the company is preparing to file a case.

“When I checked the leaked database, I entered my wife’s phone number and immediately found her record,” said a customer of Shwapno in Dhaka’s Gulshan.

“Her name, purchase history, and detailed transaction data were all visible. This is not a theoretical risk; it is real, personal, and already exposed.”

“If one record is this accessible, millions of others are equally vulnerable,” the customer told The Daily Star.

Shwapno, a subsidiary of ACI Limited, is working with domestic and international forensic experts, as well as the Counter Terrorism and Transnational Crime (CTTC) unit of police, to investigate the breach and strengthen its cyber defences.

Although Nasir said Shwapno had taken steps to secure its systems, the company has not issued a public statement warning customers that their data may have been exposed.

Asked why no action was taken earlier despite the alleged breach occurring three months ago, Nasir said the company identified the intrusion only recently.

He said they do not want to compromise with this unethical hacking. “When we stated that we would not participate in any unethical dealings, they responded with threats.”