President Lee Jae-myung enters a Cabinet meeting at the presidential office in Yongsan on December 2. Following behind him are Prime Minister Kim Min-seok and Chief of Staff Kang Hoon-sik. (Yonhap)
SEOUL, Dec. 2 (Korea Bizwire) — President Lee Jae-myung on Tuesday condemned Coupang’s massive data breach and instructed his cabinet to swiftly determine the cause and impose strict accountability, calling the incident “astonishing” both in scale and in the company’s failure to detect the leak for nearly five months.
Speaking at a Cabinet meeting in Seoul, Lee said the exposure of roughly 34 million user accounts — including names, phone numbers, addresses and portions of purchase histories — had caused widespread public anxiety.
“The fact that the company failed to recognize the leak for such a long period is truly shocking,” he said, urging agencies to study overseas precedents, strengthen fines and make punitive damages “a practical reality.”
Lee warned that Korea must overhaul its approach to personal data protection in an era of artificial intelligence and hyper-connectivity. He called for a “paradigm shift” in digital security standards across both the public and private sectors.
The stock price of Coupang fell sharply following a massive data breach involving 34 million personal information records. The photo shows delivery vehicles loaded with Rocket Fresh bags and other items at a Coupang logistics center in downtown Seoul. (Yonhap)
The breach — initially reported by Coupang on Nov. 20 as affecting about 4,500 accounts, then revised to more than 33 million nine days later — has sent shockwaves through the country’s e-commerce industry.
Under Korea’s revised privacy law, companies can face penalties of up to 3 percent of their annual revenue for data leaks. Coupang, which reported roughly 36.3 trillion won in cumulative sales through the third quarter, could theoretically face fines exceeding 1 trillion won (US$760 million), eclipsing the record 134.8 billion won levied on SK Telecom after a leak earlier this year.
The Coupang vehicle garage in downtown Seoul. (Yonhap)
Because the exposed information includes delivery addresses and order histories, officials warn that consumers face elevated risks of smishing, phishing and other targeted fraud. The case has also raised concern because investigators believe the breach stemmed not from external hacking but from a former employee’s use of authentication tokens and signing keys — suggesting systemic failures in internal controls.
Other major e-commerce platforms, including Gmarket, SSG.com, Lotte On and 11st, have launched emergency security audits in response. Several companies reported revisiting access-control systems, log management, and monitoring procedures to prevent similar intrusions.
Industry analysts said the incident highlights the vulnerabilities that can arise as domestic platforms expand partnerships with global operators, such as Gmarket’s joint venture with Alibaba. Consumers and regulators have expressed concern that cross-border data sharing may complicate oversight and increase exposure risks.
A view of a Coupang logistics center in downtown Seoul. (Yonhap)
Coupang is among Korea’s largest corporate investors in information security, spending 890 billion won this year on protective systems. But experts argue that the breach reveals deeper structural flaws, noting that the departing employee’s access credentials were not revoked. “It’s difficult to understand how a company investing at this scale failed to detect a leak of 34 million records for five months,” one industry official said.
Regulators — including the Ministry of Science and ICT, the Personal Information Protection Commission, the police and the National Intelligence Service — are conducting a joint investigation, with findings expected to shape new national security protocols.
“We still do not know which specific link in the chain failed,” an e-commerce industry representative said. “As the investigation proceeds, we will continue to adjust our response based on what emerges.”
M. H. Lee (mhlee@koreabizwire.com)
