On December 3, in front of Coupang’s headquarters in Songpa District, Seoul, participants stage a performance demanding an apology and accountability during a joint press conference organized by People’s Solidarity for Participatory Democracy, the Lawyers for a Democratic Society’s Committee on Economic Justice, and the Korea Consumer Federation to announce the launch of a collective dispute mediation request over Coupang’s personal data leak. Various categories of personal information are written on the ground. (Yonhap)
SEOUL, Dec. 9 (Korea Bizwire) — A series of massive data leaks over the past decade, culminating in a recent breach involving 33.7 million Coupang accounts, has created a landscape in which personal information circulates widely and can now be used to reconstruct an individual’s identity and daily habits with alarming precision.
While each incident may appear limited in scope, accumulated fragments of information — leaked at different times from portals, credit card companies, online retailers, medical institutions and other service providers — have formed a near-complete “digital profile” for millions of Koreans, cybersecurity specialists say.
This emerging profile encompasses not only static identifiers such as names and resident registration numbers, but also lifestyle data, including shopping patterns, delivery orders, mobility trends, and even medical visits.
Combined, it offers attackers insight into where people live, what they buy, how they move, and potential health vulnerabilities.
South Korea’s wave of large-scale data breaches began in the early 2010s. In 2011, more than 30 million users’ information was stolen from Nate and Cyworld. In 2014, over 100 million financial records were leaked at three major credit card companies, followed by a 2016 incident at online retailer Interpark that exposed information from 10 million accounts.
Accumulated Data Leaks Turn Koreans Into Targetable “Digital Personas,” Analysts Say (Image courtesy of Yonhap)
Official statistics underscore how widespread the problem has become. Reported data-leak notifications surged from 640,000 cases in 2022 to more than 10 million in 2023, according to the Personal Information Protection Commission. Illegal data trade postings monitored on the web and dark web have surpassed 900,000 since 2020.
Even after accounting for duplication, industry analysts estimate that the average Korean’s personal information has been exposed six to seven times.
Security experts say recent breaches involving e-commerce platforms are especially troubling because behavioral data — including purchase records, delivery use and even payment history — is now being siphoned alongside basic identification details.
When matched with previously leaked credentials, the information can fuel credential-stuffing attacks that automatically test stolen ID–password combinations across multiple platforms, potentially triggering a chain reaction of account takeovers.
A delivery vehicle from a Coupang logistics center in Seoul (Yonhap)
The risks extend beyond financial fraud. Over time, aggregated personal information could enable identity theft, stalking, targeted discrimination, or sophisticated social engineering attacks. In extreme scenarios, experts warn, attackers could recreate a highly accurate digital representation of an individual.
Banks and financial institutions have strengthened fraud monitoring and layered authentication systems, which help mitigate unauthorized withdrawals. But phishing and smishing schemes remain potent because they rely on tricking users into completing authentication themselves.
Even after users cancel services, some payment and transaction records must legally be retained, meaning that personal data may persist long after an account is closed.
To minimize exposure, cybersecurity specialists urge consumers to adopt better digital hygiene: use different passwords for different services, change them regularly, activate multi-factor authentication such as OTPs, monitor identity-theft alerts, and block unauthorized new account openings.
Users can also check for potential breaches through national platforms such as the Korea Internet & Security Agency’s Boho Nara service.
Industry analysts warn that unless authentication practices evolve and organizations improve data safeguards, the long-term consequences of accumulated leaks could reshape the privacy landscape for years to come.
M. H. Lee (mhlee@koreabizwire.com)
