Massive Coupang Data Breach: 33.7 Million Customer Accounts Exposed

South Korean e-commerce giant Coupang (CPNG.N), often called the "Amazon.com of South Korea" due to its ubiquitous service and "Rocket" fast deliveries, has confirmed a massive data breach affecting 33.7 million customer accounts in Korea.

This figure is significantly higher than the initial number of 4,500 accounts reported. Given the company's 24.7 million active customers in the product commerce division, the scale suggests nearly all users may be affected.

The exposed data includes name, email address, phone number, shipping address, and certain order histories.

Coupang confirmed that highly sensitive data like payment details, credit card numbers, and login credentials (passwords) were not accessed.

The company became aware of the unauthorized access on November 18, but the activity is believed to have started much earlier, on June 24, and was executed through overseas servers.

Coupang has reported the case to South Korean law enforcement and regulatory authorities. The investigation is ongoing and is being conducted jointly with security experts.

Recent reports indicate that the company filed a police complaint on November 25 against an "unidentified individual" and that internal suspicions point toward a former Chinese national employee who has since left the country.

The breach has sparked widespread anxiety and consumer backlash online, especially concerning the potential use of exposed personal information for phishing, spam calls, or other secondary crimes. There are also concerns that delivery-related notes, such as entrance door passwords, may have been compromised if stored in the address field.

The Personal Information Protection Commission and the Ministry of Science and ICT have launched a joint public-private investigation to determine the cause and propose preventive measures, underscoring the severity of the incident.