Coupang hit by massive data leak, police investigate
South Korean police have launched an investigation into a major data breach at e-commerce giant Coupang, after personal information from more than 33 million customers was leaked in what officials describe as the country’s worst cyber incident in over a decade. Authorities are tracing IP addresses and examining security vulnerabilities in Coupang’s systems, following reports that the breach began on June 24 through overseas servers but went undetected until Nov. 18.
The science ministry said the attacker exploited authentication weaknesses in Coupang’s servers. Coupang confirmed that names, phone numbers, email addresses, shipping information and parts of order histories were exposed, though payment data and login passwords were not compromised. The firm, backed by Japan’s SoftBank, has apologized publicly, News.Az reports, citing Reuters.
Local broadcaster JTBC reported that Coupang suspects a former Chinese employee who allegedly retained an active authentication key after their contract ended. A South Korean lawmaker said this key was used to access customer information, though police and Coupang have not confirmed any suspects.
Public anger is rising, with more than 10,000 people expressing interest in joining a class action lawsuit seeking at least 100,000 won ($68) per affected customer. The breach has also intensified debate over South Korea’s data security laws, with the presidential office calling recent leaks—including one at SK Telecom affecting 27 million users—evidence of “structural loopholes” in protecting personal information.
Coupang, founded in 2010, is South Korea’s largest online retailer and continues expanding into food delivery, streaming and fintech. The company’s shares fell around 9% in premarket trading following news of the breach.
Similar news
