Shwapno Retail Chain Confirms 2023 Data Breach After Hackers Demand $1.5 Million Ransom
Popular Bangladeshi retail chain Shwapno disclosed a 2023 data breach after hackers demanded $1.5 million to prevent the release of stolen customer information. The incident came to public attention in recent weeks when portions of the compromised data including names, phone numbers, and purchase histories appeared on social media.
Shwapno’s Managing Director, Sabbir Hasan Nasir, confirmed that the company was first alerted to the breach in August 2023 via an email from the attackers. The hackers set a December deadline for payment, claiming it would ensure full access to the database was returned. However, Shwapno later verified that its system access remained intact, though the attackers may have exfiltrated a portion of the data.
The retailer, a subsidiary of ACI Limited, operates 812 outlets across 63 districts and serves over 4 million registered customers. While the exact scale of the breach remains unconfirmed, leaked data reportedly includes customer identities and transaction details.
Shwapno has since secured its database and is collaborating with local and international forensic experts, as well as Bangladesh’s Counter Terrorism and Transnational Crime (CTTC) unit, to investigate the incident. The company is also preparing to file a formal case in response to the attack.
Nasir acknowledged a delay in public disclosure, stating that immediate security measures were taken after the August notification, though the company was unaware the hackers had retained and later leaked the data. The full extent of the compromise is still under review.
ACI Logistics Limited cybersecurity rating report: https://www.rankiteo.com/company/acill-shwapno
"id": "ACI1774708213",
"linkid": "acill-shwapno",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '4 million (potentially partial '
'exposure)',
'industry': 'Retail',
'location': 'Bangladesh',
'name': 'Shwapno',
'size': '812 outlets across 63 districts, 4 million '
'registered customers',
'type': 'Retail Chain'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Personally Identifiable Information '
'(PII)',
'type_of_data_compromised': ['Names',
'Phone numbers',
'Purchase histories',
'Transaction details']},
'date_detected': '2023-08',
'description': 'Popular Bangladeshi retail chain Shwapno disclosed a 2023 '
'data breach after hackers demanded $1.5 million to prevent '
'the release of stolen customer information. The incident came '
'to public attention when portions of the compromised data, '
'including names, phone numbers, and purchase histories, '
'appeared on social media.',
'impact': {'data_compromised': 'Customer identities, transaction details, '
'names, phone numbers, purchase histories',
'identity_theft_risk': 'High',
'systems_affected': 'Customer database'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Yes', 'ransom_demanded': '$1.5 million'},
'references': [{'source': 'News Article'}],
'regulatory_compliance': {'legal_actions': 'Preparing to file a formal case'},
'response': {'communication_strategy': 'Public disclosure, collaboration with '
'authorities',
'containment_measures': 'Secured database',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': 'Bangladesh’s Counter Terrorism and '
'Transnational Crime (CTTC) unit',
'third_party_assistance': 'Local and international forensic '
'experts'},
'title': 'Shwapno Retail Chain Data Breach and Ransom Demand',
'type': 'Data Breach, Ransomware'}