Bangladesh Faces Dual Cybersecurity Breaches Across Government and Retail Sector

By: Joahn G
Last updated: April 3, 2026
  • Unauthorised actors breached the Jamalpur Upazila government portal, pulling the personal and registry data of more than 50,000 Bangladeshi citizens.

  • Retail giant Shwapno confirmed hackers hit its customer database last August and demanded $1.5 million in ransom, threatening to release stolen data publicly if the company refused to pay.

  • Both incidents now expose millions of citizens and customers to identity fraud, phishing, and targeted social engineering attacks.

Bangladesh is fighting on two cybersecurity fronts at once. Hackers have struck a district-level government portal and one of the country’s largest retail chains within months of each other, collectively compromising the sensitive data of tens of thousands of government registrants and millions of retail consumers.

Together, these incidents are forcing a hard conversation about how prepared Bangladesh’s digital infrastructure actually is.

Hackers Pull Government Registry Data from Jamalpur Portal

Unauthorised actors breached the official portal of the Jamalpur Upazila Administration, operating under Thakurgaon District at jamalpurup.thakurgaon.gov.bd, and extracted files exposing the data of more than 50,000 citizens. The breadth of the compromised records makes this breach particularly dangerous.

The stolen data reportedly includes full names written in Bengali, National Identity numbers running between 13 and 17 digits, Birth Registration Information System numbers, Beneficiary IDs tied to government assistance programmes, enrolment records from social welfare schemes, and individual citizen serial numbers.

Each of those fields alone carries risk. Together, they hand attackers a ready-made toolkit for identity fraud. Bad actors can cross-reference multiple data points to impersonate citizens, access government services fraudulently, or target vulnerable beneficiaries receiving state assistance.

Authorities have not released any official statement. The timeline of the intrusion and the identity of the perpetrators remain unknown, leaving over 50,000 citizens with no formal warning and no guidance on how to protect themselves.

Government cyber attacks are a global issue. French authorities recently arrested a suspect for allegedly hacking the interior ministry, demonstrating that while Bangladesh struggles with notification transparency, other nations are actively pursuing cyber criminals who breach state systems.

Shwapno Confirms Hack, Ransom Demand, and Months of Silence

Shwapno, one of Bangladesh’s most recognised retail chains, has confirmed that hackers breached its customer database in August of last year. The attackers demanded $1.5 million in ransom and set a December deadline, threatening to push the stolen data into public circulation if the company declined to pay.

The breach only reached public awareness recently, when portions of the compromised records, carrying customer names, phone numbers, and purchase histories, started spreading across social media.

Shwapno Managing Director Sabbir Hasan Nasir told The Business Standard that hackers delivered the first notification themselves, via email. He explained that after the company verified the claim, internal checks showed their own database access still functioning, leading management to conclude that while attackers “may have taken a portion of the data, the company moved quickly to recover full control of the system.”

Nasir, however, acknowledged he could not immediately confirm how many customers the breach affected or the exact volume of data the hackers walked away with.

That uncertainty carries serious weight. Shwapno, a subsidiary of ACI Limited, runs 812 retail outlets across 63 districts and holds records for over four million registered customers. Every one of those customers now faces potential exposure to fraud and manipulation campaigns built on their own purchase history and contact details.

The company has brought in local and international forensic experts and is working alongside the Counter Terrorism and Transnational Crime unit of the Bangladesh police. Legal proceedings are also underway.

Two Breaches, One Urgent Warning for Bangladesh

Government portals and commercial platforms are moving services online faster than security frameworks can keep pace. Experts warn that Bangladesh needs mandatory breach-disclosure timelines, stronger cybersecurity requirements for both public and private platforms, and a serious investment in public awareness before the next attack lands.

Attackers aren’t waiting for those systems to catch up. They already have the data. And in Bangladesh right now, millions of people are carrying that risk without even knowing it.

About the Author

Joahn G

Cyber Threat Journalist

Joahn is a cyber threat journalist dedicated to tracking the evolving landscape of digital risks. His reporting focuses on ransomware gangs, data breach incidents, and state-sponsored cyber operations. By analyzing threat actor motives and tactics, he provides timely intelligence that helps readers understand and anticipate the security challenges of tomorrow.
