South Korea’s largest e-commerce giant, Coupang, has admitted to a massive data breach that compromised the personal details of nearly 33.7 million customers.
The company issued a formal apology on November 30, 2025, pledging full cooperation with investigators and promising tighter security controls.
The stolen information includes names, email IDs, phone numbers, delivery addresses, and select order histories.
Coupang insists that payment information, financial data, and login credentials remain untouched.
An internal probe revealed that the breach began on June 24, originating from overseas servers, and persisted undetected for months.
The anomaly surfaced only on November 18, prompting the firm to alert the Korea Internet & Security Agency (KISA), police, and other regulators.
Government authorities responded immediately. The Ministry of Science and ICT convened an emergency review, calling the breach part of a troubling rise in security failures at major Korean corporations.
Coupang Breach Sparks Scrutiny
Officials emphasised the need for stronger compliance and faster threat detection.
Investigators are examining the possible role of a former Coupang employee of Chinese nationality, now considered a key suspect.
Police are examining whether internal vulnerabilities or procedural lapses enabled the intrusion.
Coupang has blocked the attacker’s access route and overhauled its security hierarchy.
The company separated the responsibilities of the Chief Information Security Officer (CISO) and Chief Privacy Officer (CPO) to enhance accountability.
Critics argue these moves, though necessary, came far too late.
Cybersecurity experts warn that the exposed customer data could fuel phishing campaigns and spam calls.
Authorities have urged the public to stay alert and report suspicious communication.
The breach’s sheer scale makes it one of South Korea’s most alarming data incidents.
With Coupang’s user base topping 24.7 million active customers, the attack raises serious questions about internal oversight, digital governance, and risk management at even the most established digital platforms.
As investigations deepen, the incident underscores an urgent truth: large online ecosystems remain highly vulnerable, and stronger data-protection systems are no longer optional, they are essential.
Also Read: Realme C85 5G Packs Big Battery, Fast Display & IP69 Strength At A Budget Price
To read more such news, download Bharat Express news apps
