Coupang has admitted that unauthorised access exposed the personal information of 33.7 million customer accounts, marking the worst data leak in South Korean history. The leaked data includes names, email addresses, phone numbers, delivery addresses and some order histories, while payment credentials and login details are said to remain secure. The breach first began on 24 June and remained undetected until 18 November, when the company discovered suspicious access affecting about 4,500 accounts — a figure swiftly revised upward as investigators uncovered the full scale of the leak.
Police investigators are analysing server logs and have identified the IP address used in the attack, triggering efforts to trace the suspect. Authorities have not confirmed the nationality of the person under suspicion, though local media have pointed to a former employee of Chinese origin. Coupang filed a formal complaint on 25 November under legislation covering unauthorised access and data theft, and the probe has since turned into a full-fledged criminal investigation.
In response to mounting public concern, the Ministry of Science and ICT convened an emergency meeting to examine whether Coupang violated national data-protection laws. The government has warned that the exposed information — though not financial in nature — could easily be used for phishing, identity theft or other scams, particularly given the extent of the leak and the volume of personal data involved.
Coupang says it blocked the breach route as soon as the intrusion was confirmed and has engaged external cybersecurity experts to strengthen internal monitoring. The firm also issued a public apology through its chief executive, pledging full cooperation with law enforcement and regulatory bodies.
Follow Arabian Post
Select Arabian Post as your preferred source on Google and MSN News for trusted business news and Arab politics and updates.
