Popular retail chain Shwapno has said its customer database was hacked in August last year, with attackers demanding $1.5 million to prevent the release of stolen data.
The matter came to light after portions of customer information, including names, phone numbers and purchase histories, were recently circulated on social media, months after the alleged breach.
Speaking to The Business Standard, Shwapno Managing Director Sabbir Hasan Nasir said the company was first notified of the breach via email from the hackers.
“They informed us in August that they had accessed our database and demanded $1.5 million, giving us a deadline until December,” he said.
According to Nasir, the attackers claimed the payment would grant full access to the database. However, the company found that its own access remained intact.
“We verified that our database access was functioning properly. While hackers may have accessed a portion of the data, we secured full control of the system from that point,” he added.
He could not immediately confirm how many customers were affected or how much data was compromised.
Shwapno, a subsidiary of ACI Limited, is now preparing to file a case over the incident. The company is working with local and international forensic experts, as well as the Counter Terrorism and Transnational Crime (CTTC) unit of the police, to investigate the breach.
The retailer operates 812 outlets across 63 districts and has more than 40 lakh registered customers. The leaked data reportedly includes customer names, mobile numbers, and purchase details.
Responding to questions about the delay in disclosure, Nasir said the company had taken steps to secure its database immediately after being notified in August, though it was not aware that hackers had retained and later released part of the data.
About The Author
