Shwapno Data Breach Exposes 270M Purchase Records and 2M Phone Numbers in Ransomware Attack
Summary
Ransomware groups Qilin and LockBit 5.0 are reportedly behind a massive cyberattack on Shwapno, one of Bangladesh's largest retail chains — compromising over 270 million purchase records and more than 2 million customer phone numbers. The breach raises serious concerns over data security and corporate transparency.
AI-assisted summary
One of Bangladesh's largest retail chains, Shwapno (স্বপ্ন), is at the center of a significant cybersecurity incident after reports emerged of a large-scale data breach allegedly carried out by ransomware groups Qilin and LockBit 5.0.
According to available reports, the breach may have exposed an alarming volume of sensitive customer data, including approximately 270,040,472 purchase records and 2,058,384 mobile phone numbers. Beyond transactional histories, the compromised data reportedly includes customer names, invoice details, product information, and other personally identifiable information.
What Data May Have Been Exposed
Cybersecurity researchers and threat intelligence sources indicate that the following categories of data are potentially at risk:
Customer names and mobile phone numbers
Invoice records and full purchase histories
Product and transaction details
Additional personal information
The scale of the alleged breach — particularly the volume of purchase records — places this among the most significant data security incidents reported in Bangladesh's retail sector to date.
The Real Issue: Transparency, Not Just the Attack
Cybersecurity experts note that ransomware attacks of this nature are not uncommon, even among the world's largest corporations. What distinguishes responsible organizations in the aftermath of such incidents is the speed and clarity with which they communicate with affected users.
Industry best practice demands that affected companies promptly notify customers about what data has been compromised, what risks they face, and what steps they should take to protect themselves. As of the time of reporting, Shwapno has not issued a clear public statement addressing the breach or providing guidance to potentially affected customers.
The central question now is straightforward: Has Shwapno kept its users adequately informed?
What Customers Should Do
While an official response from Shwapno remains pending, cybersecurity professionals advise potentially affected customers to remain vigilant against phishing attempts, monitor their accounts for unusual activity, and exercise caution with unsolicited calls or messages referencing their purchase history.
This is a developing story. Updates will be added as new information becomes available