That is exactly what thousands of people did after hackers leaked the customer database of Shwapno, Bangladesh’s one of the largest supermarket chains, in early 2026.

The data had reportedly been sitting in the attackers’ hands since August 2025. The breach simply surfaces one day on social media, and suddenly, the personal records of over 40 lakh people were a search bar away, and 410 GB of data was dumped on the dark web.

Undeniably, it was one of the largest corporate cyberattacks in Bangladesh’s history. And for those of us studying technology, computer science or anything adjacent, it should feel like a direct message.

The gap no one is talking about
The most uncomfortable truth behind it is this: this was not an unsolvable problem. The attackers did not use some exotic, classified method. Rather, they moved through systems that were not adequately monitored and held data hostage for months before anyone realised the extent of what had happened. The technical skills required to detect and prevent exactly this kind of intrusion exist; they are just not widely cultivated in Bangladesh.

Most companies here intensely focus on their front-end experience and their database architecture. What tends to fall through the cracks is everything in between: the APIs, the access controls, the network monitoring, the security audits. Not because the engineers are incompetent, but because cybersecurity as a discipline has never been treated as a fundamental requirement. It has always been an afterthought, bolted on when something goes wrong rather than built in from the start.

Bangladesh ranked 59th out of 145 countries in the Global National Cyber Security Index, which is a live index. But it says very little about what is actually happening inside the companies that hold your personal data.
So what is actually cybersecurity?

Before you can decide whether it is the right path for you, it helps to understand what the field actually involves, because the popular image of the lone hacker in a dark room is almost entirely fiction.

Cybersecurity is, at its core, the discipline of understanding how computer systems and networks can be compromised, and designing defences against that. Professionals in the field are often categorised by intent. White-hat hackers, also called ethical hackers or penetration testers, are paid by organisations to find vulnerabilities before criminals do.

They simulate attacks, write reports, and help build more resilient systems. Black-hat hackers are the adversaries: the ones who breach systems without permission, usually for financial gain. The Shwapno attackers, affiliated with the ransomware group Qilin, fall into this category. Grey-hat hackers sit somewhere in between, sometimes exposing vulnerabilities publicly without authorisation but without direct malicious intent.

The career you would actually be building is in the white-hat space, and it is one of the fastest-growing, most in-demand fields globally. According to Cybersecurity Ventures, there were an estimated 3.5 million unfilled cybersecurity jobs worldwide in 2025. In Bangladesh, that gap is proportionally even more acute.

Imtiaz Karim is an Assistant Professor at the University of Texas at Dallas whose research sits at the intersection of cybersecurity and mobile systems. When asked why undergraduates, particularly in countries like Bangladesh, should take the field seriously, his answer was direct:

“Cybersecurity matters more than ever now, because whenever a new technology is developed, the first thing that people (this can be a big organisation, a nation state) do is try to exploit it. It is really important for undergraduates to consider cybersecurity research so that they can find these vulnerabilities and design defences that make its usage safe. In terms of preparing themselves, I would say the most important thing is critical thinking.

Cybersecurity has always been a critical thinking field where people need to think out of the box to attack and defend systems. Having some undergraduate research experience is a must nowadays.”

Where to start in Bangladesh
The academic landscape is growing, even if it has not yet caught up with the need. At the undergraduate level, AIUB and BUP both offer dedicated programmes in Computer Network and Cyber Security; structured pathways for students who want to specialise from day one rather than piecing together the knowledge independently.
At the postgraduate level, BUET and Dhaka University offer strong environments for research-focused study in cybersecurity. For those with ambitions of going abroad for higher studies, cybersecurity is an area where Bangladeshi students can make a genuine mark, particularly with a research component attached to their undergraduate record.

Outside of formal academia, the self-learning ecosystem is rich. Platforms like TryHackMe and Hack The Box offer structured, legal environments where you can practise penetration testing and vulnerability analysis from your laptop.

Capture the Flag (CTF) competitions are how many of the world’s best security professionals first develop their skills. Internationally recognised certifications such as CompTIA Security+, Certified Ethical Hacker (CEH), and Offensive Security Certified Professional (OSCP) carry real weight with employers and postgraduate admissions committees.

The opportunity inside the crisis
The Shwapno breach was a failure of institutional preparedness. But read from a different angle, it is also a signal. Bangladesh’s digital economy is expanding rapidly. More citizens are sharing personal data with retail chains, banks, healthcare providers, and government systems. Every single one of those data stores is a potential target. The professionals who can protect them are, right now, in critically short supply.

If you are a student weighing your options, wondering whether to pursue a research project or a certification, this is the context worth keeping in mind. Cybersecurity is the infrastructure of trust that makes a digital society possible. And in Bangladesh, the people building that infrastructure are urgently needed.

The breach happened because the expertise was not there. The question is whether, the next time something like this occurs, it will be.