ON August 19, 2025, hackers breached Shwapno’s database, stealing 410 GB of customer data, including personal details of 4 million customers, and demanded a ransom of $1.5 million. Shwapno did not inform customers for seven months and only took action after the data was released on the dark web in March 2026. In a separate incident on June 24, 2026, a Dismislab investigation revealed that Bangladesh's parliamentary election voter list was being sold on Facebook without authorization for as little as 30 taka.
The Election Commission denied approval of these sales, while the new data protection law lacks accountability provisions for individuals selling personal data.