Coupang’s data breach undetected for five months, triggering customer alarm (Yonhap)
SEOUL, Nov. 30 (Korea Bizwire) — Anxiety is rising in South Korea after a massive data breach at e-commerce heavyweight Coupang, which local officials said Sunday may have gone undetected for months.
The U.S.-listed retailer said Saturday that personal information belonging to 33.7 million customers—virtually its entire user base—was compromised. The exposed data includes names, phone numbers, email accounts and delivery addresses. Coupang said that payment information, credit card details and login credentials were not affected.
According to the company, unauthorized access to delivery-related personal data appears to have been conducted through overseas servers starting June 24.
Police have identified at least one suspect, according to people familiar with the matter. The individual is believed to be a former Chinese employee of Coupang who has since left both the company and the country, these people said. Authorities opened an investigation Tuesday after receiving a complaint.
The Coupang vehicle garage in downtown Seoul. (Yonhap)
Coupang said it first detected the breach on Nov. 18 and notified regulators within two days. The company initially reported that roughly 4,500 accounts were affected.
The scale of the exposure—now shown to be far larger and far older than first disclosed—has alarmed consumers, who fear their information could be misused for fraud or phishing schemes. The incident now surpasses SK Telecom’s April breach, which compromised data from 23.2 million users and triggered a record 134.8 billion won fine.
The final impact could grow as the probe continues. In a recent parallel case, Lotte Card initially denied that financial data had been leaked in a September breach, only to reverse course two weeks later and acknowledge that credit card numbers and other sensitive information had indeed been exposed.
Ashley Song (ashley@koreabizwire.com)
