Bangladesh’s largest supermarket chain Shwapno has filed a general diary (GD) with Tejgaon Industrial Area Police Station, seven months after its customer database was compromised in a cyberattack.

The GD was lodged on March 28 by Md Masum Billah, head of administration and crisis management at ACI Logistics Limited, Shwapno’s parent company.

Police confirmed the GD has been transferred to the Detective Branch Cyber Unit.

According to the GD, before August 2025, international cyber criminal groups, including the Qilin ransomware syndicate and LockBit 5.0 targeted Shwapno employees with phishing emails containing malicious links.

On August 19, 2025, around 2:00pm, computers at the head office of ACI Logistics Limited were locked down by ransomware, with attackers from Qilin demanding US$ 1.5 million to prevent sensitive data release, setting a 10-day deadline.

Although Shwapno’s MIS team disconnected systems and removed malware, on March 17, 2026, attackers leaked over 410 GB of data on the dark web via the LockBit 5.0 portal.

The leaked files included customer names, phone numbers, purchase histories, supplier details, contracts, daily sales records, bank deposit information, HR documents, and internal policies.

The breach poses serious risks of financial, operational, and reputational damage, according to the GD.

Shwapno, which operates 812 outlets across 63 districts and has over 40 lakh registered customers, now faces the exposure of personal details of its entire customer base.