Thedailystar
Bangladesh Data Breach Exposes Millions Amid Weak Data Protection Law
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On August 19, 2025, hackers breached Shwapno's database, stealing 410 gigabytes of data from forty lakh customers, including personal details. They demanded a ransom of $1.5 million, which Shwapno refused, leading to a seven-month silence before the data was leaked on the dark web in March 2026. Bangladesh's newly enacted data protection law lacks a mandatory breach notification requirement, leaving citizens uninformed about risks. The law's enforcement is assigned to a body unable to hold powerful entities accountable, raising concerns about its effectiveness. Additionally, the Election Commission confirmed multiple data leaks from organizations with access to the National Identity database, further highlighting systemic vulnerabilities. The Shwapno incident exemplifies the law's inadequacies and the urgent need for stronger data protection measures.
Key Points: • Shwapno's data breach affected 40 lakh customers, exposing sensitive personal information. • Bangladesh's new data protection law lacks mandatory breach notification requirements. • The law's enforcement body is unable to effectively investigate breaches involving powerful entities.