Shwapno Retail Chain Confirms 2023 Data Breach After Hackers Demand $1.5 Million Ransom Popular Bangladeshi retail chain Shwapno disclosed a 2023 data breach after hackers demanded $1.5 million to prevent the release of stolen customer information. The incident came to public attention in recent weeks when portions of the compromised data including names, phone numbers, and purchase histories appeared on social media. Shwapno’s Managing Director, Sabbir Hasan Nasir, confirmed that the company was first alerted to the breach in August 2023 via an email from the attackers. The hackers set a December deadline for payment, claiming it would ensure full access to the database was returned. However, Shwapno later verified that its system access remained intact, though the attackers may have exfiltrated a portion of the data. The retailer, a subsidiary of ACI Limited, operates 812 outlets across 63 districts and serves over 4 million registered customers. While the exact scale of the breach remains unconfirmed, leaked data reportedly includes customer identities and transaction details. Shwapno has since secured its database and is collaborating with local and international forensic experts, as well as Bangladesh’s Counter Terrorism and Transnational Crime (CTTC) unit, to investigate the incident. The company is also preparing to file a formal case in response to the attack. Nasir acknowledged a delay in public disclosure, stating that immediate security measures were taken after the August notification, though the company was unaware the hackers had retained and later leaked the data. The full extent of the compromise is still under review.