Coupang Data Breach Exposes Personal Information of 34M Customers
Recent revelations from South Korean e-commerce giant Coupang indicate that a substantial security breach has impacted nearly 34 million customers. The company confirmed the leak, which involved sensitive personal data, was ongoing for over five months.
Coupang Data Breach Overview
On November 18, 2023, Coupang detected unauthorized access affecting 4,500 user accounts. However, further investigation uncovered that approximately 33.7 million accounts were compromised in total. The leaked information includes:
- Customer names
- Email addresses
- Phone numbers
- Shipping addresses
- Order histories
Fortunately, the breach did not expose more sensitive data such as payment details, credit card numbers, or login credentials, according to the company’s statement.
Response and Investigation
Coupang has reported the incident to key authorities, including the Korea Internet Security Agency (KISA), the Personal Information Protection Commission (PIPC), and the National Police Agency. An ongoing investigation has revealed that unauthorized access commenced on June 24, 2023, exploiting overseas servers.
The company has taken steps to mitigate further risks by blocking the unauthorized access route, enhancing internal monitoring, and hiring independent security experts for analysis.
Suspect Identification
Law enforcement has identified at least one suspect linked to the breach. The individual, a former employee of Coupang, is currently residing abroad. This investigation was initiated following a formal complaint made by the company on November 18.
Background on Coupang
Coupang, one of South Korea’s leading e-commerce platforms, also provides a rapid delivery service called “Rocket Delivery” and has operations in Japan and Taiwan. Despite its popularity, the platform has faced numerous cybersecurity challenges in the past. Previous data breaches have occurred between 2020 and 2021, with a notable incident in December 2023 compromising information of over 22,000 customers.
This breach underscores the ongoing cybersecurity threats faced by large e-commerce platforms in South Korea and the critical importance of robust security measures.
