A legal notice has been sent to the supermarket chain Shwapno seeking information on the measures taken following the leakage of customer data.
Supreme Court lawyer Barrister Lutfe Jahan Purnima sent the notice to the Managing Director of Shwapno’s parent company, ACI Limited, on Monday (March 30).
According to the notice, a serious security breach occurred in Shwapno’s customer database around August 2025, during which an unauthorized third party accessed customers’ personal information and demanded a ransom to prevent its disclosure.
It is alleged that sensitive data—including customers’ names, mobile numbers, and purchase information—was later illegally made public. The notice further claims that the company’s data protection measures were inadequate, failing to safeguard customers’ personal and financial information. Despite being aware of the breach for an extended period, the company did not promptly inform affected customers, depriving them of the chance to protect themselves. This, the notice says, has significantly increased the risk of fraud, unauthorized transactions, and identity theft.
The notice also alleges that although Shwapno later claimed to regain control of its system, it failed to secure or neutralize the stolen data, indicating serious negligence and institutional failure, which put a large number of customers at potential risk.
According to the notice, such actions violate citizens’ rights to equality, legal protection, and personal freedom under Articles 27, 31, and 32 of the Constitution, describing the company’s conduct as extreme negligence.
The notice directs Shwapno’s authorities to, within seven days, provide complete information, submit a list of affected customers, confirm the data leakage, implement compensation measures, strengthen cybersecurity, and submit a detailed report to the relevant authorities.
It warns that failure to comply within the specified time may result in public interest litigation and necessary civil and criminal action under Article 102 of the Constitution.