Bangladesh’s largest supermarket chain Shwapno suffered a massive ransomware attack that exposed the personal data of approximately 4 million customers. The attack, carried out by the Qilin ransomware syndicate and LockBit 5.0, resulted in over 410 GB of stolen data being leaked on the dark web in March 2026 — including customer names, phone numbers, purchase histories, and sensitive company documents.
If you have ever shopped at Shwapno or signed up for their loyalty programme, your personal information may be at risk. Here is everything you need to know about what happened, what was stolen, and exactly what to do right now.
What happened to Shwapno?
Shwapno, operated by ACI Logistics Limited, is the largest supermarket chain in Bangladesh with millions of registered customers. In the months leading up to August 2025, international cybercriminal groups — specifically the Qilin ransomware syndicate and LockBit 5.0 — targeted Shwapno employees with carefully crafted phishing emails designed to steal login credentials.
On August 19, 2025, the attackers struck. Ransomware locked down computers at Shwapno’s head office, encrypting files and systems across the company. The attackers demanded a ransom of 1.5 million US dollars and gave Shwapno a 10-day deadline to pay.
When the ransom was not paid, the attackers followed through on their threat. On March 17, 2026, over 410 GB of stolen data was published on the dark web through LockBit 5.0’s leak portal, making it freely available to other criminals.
Shwapno filed a general diary (GD) with Tejgaon Industrial Area Police Station on March 28, 2026 — more than seven months after the initial attack. The company is now working with Bangladesh’s Counter Terrorism and Transnational Crime (CTTC) unit to investigate the breach.
Sources: The Daily Star, The Business Standard
Who is affected by the Shwapno data breach?
Approximately 40 lakh (4 million) registered Shwapno customers are potentially affected. This includes anyone who:
- Created an account or loyalty card with Shwapno
- Provided a phone number or email address at checkout
- Used Shwapno’s online ordering or delivery service
- Subscribed to Shwapno’s marketing or promotional messages
The breach also affected Shwapno’s internal operations. Supplier information, employee HR records, and business contracts were among the stolen data — meaning suppliers, business partners, and current or former employees are also at risk.
As of 2026, data breaches affecting millions of people have become alarmingly common. Over 9 billion records were exposed globally in 2024, and the trend has only accelerated since then.
What data was exposed in the Shwapno breach?
The 410 GB data dump included a wide range of personal and business information:
Customer data:
- Full names
- Phone numbers
- Purchase histories and transaction records
Business data:
- Supplier details and contracts
- Sales records and financial data
- Bank deposit information
Internal company data:
- HR documents and employee records
- Internal policies and procedures
- Company communications
This combination of customer, financial, and internal data makes the Shwapno breach particularly dangerous. Criminals can use purchase histories and personal details together to craft very convincing phishing attacks — for example, a fake message that references your actual shopping habits at Shwapno to trick you into clicking a malicious link.
How can you check if your data was exposed?
If you have ever used your email address with Shwapno — for online orders, account registration, or promotional sign-ups — you should check whether your information has appeared in any known data breach.
Check your email now with EmailLeaked — it scans billions of records from known breaches and tells you instantly if your email has been compromised. It is free, takes under 10 seconds, and shows you exactly what data was exposed.
Even if you primarily used a phone number with Shwapno rather than an email, it is still worth checking your email. Attackers who have your phone number from the Shwapno breach may try to use it alongside credentials from other breaches where your email was exposed.
What should you do right now if you are affected?
If you shopped at Shwapno or had an account with them, take these five steps immediately — even if you are not sure whether your data was part of the leak.
1. Change your passwords
If you used the same password for your Shwapno account and any other service, change it everywhere right now. Use a unique password for every account — at least 16 characters, mixing letters, numbers, and symbols. A password manager makes this easy by remembering all your passwords for you.
2. Turn on two-factor authentication
Enable two-factor authentication on every important account — especially email, banking, and social media. This adds a second layer of protection so that even if someone has your password, they still cannot get in without your phone.
3. Watch out for phishing messages
Expect a sharp increase in scam messages over the next few months. Criminals who have your name, phone number, and shopping habits can send very realistic-looking texts and emails pretending to be Shwapno, your bank, or delivery services. Do not click links in unexpected messages. If something looks urgent, go directly to the official website or app instead.
4. Monitor your bank accounts and mobile wallet
Check your bank statements and mobile banking (bKash, Nagad, Rocket) transactions carefully for the next 90 days. Look for any charges or transfers you do not recognise. If you spot anything suspicious, contact your bank immediately.
5. Be cautious with phone calls
Since phone numbers were part of the leaked data, be extra careful with unsolicited calls. Scammers may call pretending to be from Shwapno, your bank, or a government agency. Never share OTPs, PINs, or account details over the phone — legitimate companies will never ask for these.
How could this breach have been prevented?
The Shwapno attack followed a well-known pattern that organisations can defend against. Understanding how it happened helps explain why these breaches keep occurring.
Phishing awareness training — The attackers gained initial access through phishing emails sent to Shwapno employees. Regular security training that teaches staff to recognise and report suspicious emails is one of the most effective defences against ransomware.
Multi-factor authentication on internal systems — Even if an employee’s credentials are stolen through phishing, multi-factor authentication can prevent attackers from using those credentials to access company systems.
Data minimisation — Companies should only collect and retain the minimum amount of customer data they actually need. Storing 4 million customers’ detailed purchase histories creates a larger target for attackers. As of 2026, data minimisation is increasingly recognised as a core security practice, not just a privacy preference.
Faster incident response — The seven-month gap between the August 2025 attack and the March 2026 police report is a significant concern. Faster detection, response, and notification gives affected individuals more time to protect themselves before stolen data is used against them.
Offline backups and recovery plans — Organisations that maintain offline backups of critical data can recover from ransomware without paying the ransom, reducing the financial incentive for attackers.
What is ransomware and how does it work?
Ransomware is a type of malicious software that locks a company’s computers and files so nobody can access them. The attackers then demand a payment (ransom) to unlock everything.
Modern ransomware groups like Qilin and LockBit 5.0 use a “double extortion” strategy — they steal a copy of all the data before encrypting it. If the company refuses to pay the ransom, the attackers publish the stolen data on the dark web as punishment and as proof to future victims that they follow through on threats.
This is exactly what happened to Shwapno. The $1.5 million ransom was not paid, so the attackers leaked the entire 410 GB dataset publicly.
For a deeper explanation of how these attacks work, read our guide on what is a data breach.
Frequently asked questions
How many customers were affected by the Shwapno data breach?
Approximately 4 million (40 lakh) registered Shwapno customers had their data exposed. This includes names, phone numbers, and purchase histories. The breach also affected Shwapno’s suppliers and employees since internal business documents were part of the leaked data.
Who was behind the Shwapno cyberattack?
The attack was carried out by international cybercriminal groups including the Qilin ransomware syndicate and LockBit 5.0. These are well-known ransomware-as-a-service operations that target organisations worldwide. They demanded a ransom of 1.5 million US dollars, which Shwapno did not pay.
What data was leaked from Shwapno?
Over 410 GB of data was leaked on the dark web. This included customer names, phone numbers, and purchase histories. It also included supplier contracts, bank deposit information, HR documents, employee records, internal company policies, and sales data.
When did the Shwapno breach happen?
The initial ransomware attack hit on August 19, 2025, locking down computers at Shwapno’s head office. The stolen data was leaked on the dark web on March 17, 2026 — about seven months later. Shwapno filed a police report on March 28, 2026.
Is my data safe if I only shopped at Shwapno in-store?
Not necessarily. If you provided your phone number, email address, or signed up for a loyalty programme at any Shwapno location, your information was stored in their database and may have been part of the breach. Even in-store customers who gave personal details at checkout could be affected.
Can the leaked data be removed from the dark web?
Unfortunately, once data is published on the dark web, it is essentially impossible to remove completely. It gets copied, shared, and redistributed across multiple forums and marketplaces. The best course of action is to assume your data is exposed and take the protective steps listed above — change passwords, enable two-factor authentication, and monitor your accounts closely.
Should I stop shopping at Shwapno?
That is a personal decision. The breach has already happened and the data has already been leaked. What matters now is protecting yourself by following the steps in this article. Many large companies have experienced breaches and have gone on to significantly improve their security afterwards.
How can I check if my email was in the Shwapno breach?
Use the free EmailLeaked breach checker to scan your email against billions of records from known data breaches. It takes under 10 seconds and will tell you if your email has appeared in any breach, including what specific data was exposed.