Coupang, the largest online shopping site in South Korea, has just acknowledged that it was a victim of a massive data leak. As many as 33.7 million customers have been impacted! This is probably the most serious cybersecurity issue that has been faced by South Korea in a long time. The leak was ongoing for quite a few months without anyone noticing, and now people are angry everywhere. The authorities are conducting a thorough inquiry to find out what happened.
Breach Went Undetected for Nearly Five Months
Coupang said unauthorised access likely began on June 24 via an overseas server and was only discovered on November 18. The company initially believed only 4,500 customer accounts were affected, but further checks revealed that almost its entire South Korean user base had delivery-related information exposed.
The leaked data includes:
- Customer names
- Phone numbers
- Email addresses
- Shipping addresses
- Portions of the order history
Coupang assured that no credit card details, bank information, or login credentials were compromised, and stated that customers are not required to take action beyond remaining alert to possible scam messages or phishing attempts.
Former Employee Named as Prime Suspect
Police have secured the IP address used during the attack and identified the suspected perpetrator as a former Coupang employee from China who has already left South Korea. Authorities are now examining whether the individual acted alone and whether the breach is linked to an email that threatened to expose the stolen data.
Government Intervention and Regulatory Pressure
The Ministry of Science and ICT, along with the Korea Internet & Security Agency (KISA), has initiated a series of rapid inspections to check if Coupang has breached any safety measures under the Personal Information Protection Act.
Authorities have indicated that in the event of a security incident due to neglect by Coupang, they will respond by imposing severe penalties.
Public and Industry Backlash
The incident has intensified consumer frustration as South Korea continues to face a wave of large-scale cyber incidents this year. Critics have pointed out that despite the nation’s reputation for strict data privacy regulations, corporate cybersecurity practices remain inconsistent.
Leading local newspapers described the situation as “the worst personal data leak in South Korean history”, calling for corporate accountability and improved internal security protocols.
Coupang’s Response
Coupang has publicly apologised and is notifying affected customers through email and SMS. The company says it is cooperating fully with investigative authorities and will continue to update users as findings emerge.
Caught feelings for cybersecurity? It’s okay, it happens. Follow us on LinkedIn and Instagram to keep the spark alive.
