South Korea’s largest e-commerce platform Coupang has apologized to the public and its users after a major data breach affecting 33.7 million customer accounts. The fact that the breach occurred despite the country’s strict data protection laws has raised questions about the overall cyber security framework.
Coupang announced that it detected unauthorized access to several accounts on November 18; however, investigations revealed that the breach dated back to June and affected a total of 33.7 million accounts. The leaked information includes user names, phone numbers, email addresses, shipping addresses and certain order histories. The company emphasized that payment information and login credentials remain secure. With this incident, the number of affected users represents more than half of South Korea’s population.
Suspects and Government Investigation Deepen
Local media reported that a former Coupang employee of Chinese nationality is suspected of being behind the breach. The company filed a complaint about the individual and the police investigation is ongoing. The Ministry of Science and ICT is examining whether the company violated data protection laws. The government held an emergency meeting and warned users to remain cautious against fraud and phishing attacks.
The Korea Internet and Security Agency (KISA) issued warnings to millions of users, advising them to be alert to fake celebration messages, delivery notifications and scammers impersonating the company.
What It Means for Coupang and the Industry
Coupang had previously experienced data leaks affecting 460,000 users; however, this incident has been recorded as the largest breach in the company’s history. In addition, recent breaches affecting millions of users at SK Telecom, the country’s largest mobile operator, and Lotte Card have increased concerns about data security in South Korea.
Local newspapers criticized Coupang for causing what they called “the worst personal data leak in history” and highlighted urgent shortcomings in the company’s data protection practices. Experts say such an extensive breach could seriously damage the company’s reputation and user trust.
The massive data breach at Coupang serves as a critical warning not only for the company itself but also for South Korea’s entire e-commerce and technology sector. Strengthening internal security systems, enforcing stricter regulatory oversight and increasing user awareness have now become essential.
