Discovery of the Breach and Initial Findings
South Korea’s largest online retailer, Coupang, has apologised for a major data breach that may have exposed information from nearly 34 million customer accounts. The Korea Internet and Security Agency said it is investigating and believes personal details from millions of accounts were likely accessed. Coupang initially reported the unauthorised access of about 4,500 accounts on 18 November, but later checks indicated that approximately 33.7 million accounts were affected. The company said the breach may have begun as early as June through a foreign-based server.
Types of Data Exposed and Company Response
Coupang said the leaked information includes names, email addresses, phone numbers, shipping addresses, and some order histories. It added that no credit card details or login credentials were compromised and that these remain securely protected. Users are not required to take action at this time, according to the firm. The number of affected accounts represents more than half of South Korea’s population of about 52 million. Coupang, founded in South Korea and headquartered in the United States, recently reported nearly 25 million active users.
The company apologised to customers and urged them to watch for scams impersonating Coupang. It did not provide information on who is responsible for the breach.
Investigation and Possible Suspect
South Korean media reported that a former Coupang employee from China is suspected of involvement. The Ministry of Science and ICT said authorities are assessing the scale of the breach and whether the company violated data safety obligations. The ministry noted that the incident involved contact details and addresses of a large number of citizens and said it plans to carry out a swift investigation, imposing strict sanctions if it finds safety-rule violations under the Protection Act.
Reaction From Local Media and Ongoing Security Concerns
Several South Korean media outlets strongly criticised the breach. Chosun Ilbo’s editorial board called the incident “preposterous” and urged strict penalties for companies responsible for exposing customer data. Dong-A Ilbo described the breach as “the worst personal data leak” in Korean history and questioned how it went undetected for months, suggesting the company’s internal protection systems were ineffective.
Context of Previous Breaches in South Korea
The breach at Coupang adds to a series of cybersecurity incidents affecting major South Korean companies this year. SK Telecom was fined nearly $100 million after a data breach involving more than 20 million subscribers. In September, Lotte Card reported that data belonging to nearly three million customers had been leaked following a cyber-attack.
Coupang has also faced several earlier security incidents, including a breach that exposed data of 460,000 customers.
Featured image credits: Wikimedia Commons
For more stories like it, click the +Follow button at the top of this page to follow us.