Data Breach concerns surged after Coupang confirmed that attackers accessed personal information of 33.7 million users. This incident affects nearly all users of one of South Korea’s largest e-commerce platforms. Data Breach raises urgent questions about cybersecurity in Korea’s fast-growing online retail sector.
Coupang said attackers obtained names, phone numbers, email addresses, and home addresses. The company stored payment information, credit card details, and login credentials under separate security, and attackers could not access them. Officials advised users to remain cautious but said they do not need immediate action.
The platform has roughly 34 million monthly active users, meaning almost everyone could be affected. Analysts now classify this breach as one of Korea’s largest e-commerce incidents. Investigators discovered that unauthorized access may have started on June 24 and continued for months before detection.
Internal records show attackers attempted access on Nov. 6, but company staff discovered it only on Nov. 18. The company initially reported about 4,500 affected accounts, but the figure rose to 33.7 million after deeper investigation. Coupang blocked unauthorized channels and enhanced monitoring to prevent further attacks.
Regulatory authorities, including the Personal Information Protection Commission and Ministry of Science and ICT, launched a joint investigation. They aim to identify the cause and propose preventive measures. The Seoul Metropolitan Police also opened a probe following Coupang’s complaint.
Reports indicate that a possible internal employee, possibly a foreign national, may have triggered the breach. Authorities said the suspect has left Korea, complicating the investigation. Coupang confirmed it is fully cooperating with investigators.
Experts warned of secondary risks, including fraudulent calls, texts, or phishing targeting exposed users. Authorities told consumers to ignore messages referencing “compensation,” “refunds,” or “damage verification.”
This breach follows several high-profile cyberattacks in Korea, including SK Telecom, major mobile carriers, and Lotte Card. By user count, Coupang’s incident now ranks as the largest e-commerce data breach in the country. Analysts predict fines could surpass previous records for privacy violations.
Officials and cybersecurity specialists emphasized that companies must strengthen internal controls, implement ongoing monitoring, and ensure rapid response systems. They said businesses must act to prevent similar Data Breach events from occurring in the future.
