United News of Bangladesh

The website of retail chain Shwapno has been hacked with attackers releasing customers’ personal information online and demanding a large ransom from the company. The leaked data circulating across Facebook and various websites since Saturday reportedly includes names, phone numbers and purchase histories of customers who shopped at Shwapno in 2025. Shwapno Managing Director Sabbir Hasan said hackers had gained control of the company’s customer database last year and had been demanding $1.5 million since around August 2025 to restore access. The company did not comply with the demand. Urging caution, Shwapno advised customers to remain alert against potential phishing attempts and fraud. “We request customers not to share personal or financial information over calls or messages from unknown or suspicious numbers, and to avoid clicking on unverified links,” the company said, adding that it never asks for passwords or OTPs over phone calls. The company, a subsidiary of ACI PLC, said it is preparing to file a case and is working with local law enforcement, including the Counter Terrorism and Transnational Crime (CTTC) unit, as well as international forensic experts to address the breach.

TechCrunch, an American online news platform focusing on high tech and startups, says that a Bangladeshi government website has leaked the personal information of citizens. The data leak includes full names, phone numbers, email addresses, and national ID numbers of millions of Bangladeshi citizens, TechCrunch quoted a researcher who discovered the leak. Read: Personal data hack of 100s of German politicians, celebs The leak was “accidentally discovered” by Viktor Markopoulos who works for Bitcrack Cyber Security. He then contacted the Bangladeshi e-Government Computer Incident Response Team. Markopoulos said, finding the data “was too easy.” “It just appeared as a Google result and I wasn’t even intending on finding it. I was Googling an SQL error and it just popped up as the second result,” he told TechCrunch, referring to SQL, a language designed for managing data in a database. Read: 8 arrested in Hong Kong for posting personal data on police TechCrunch said it was able to verify that the leaked data was “legitimate” through using a portion to query a public search tool on the affected website. The government website apparently returned other data contained in the leaked database, such as the name of the person who applied to register, as well as — in some cases — names of their parents. TechCrunch, in the report published on July 7, 2023, said it attempted the process with 10 different sets of data, and all returned correct data. The US news platform, however, did not name the government website as data is still available online. It also said it has not heard back from any of the Bangladeshi government organisations that were emailed, asking for remarks and alerting of the data leak. Read more: Facebook: Hackers accessed personal data from 29M accounts