Coupang, the largest e-commerce platform in South Korea, has reported a significant data breach that impacts nearly its entire domestic user base. The breach has affected over 33.7 million customers, exposing sensitive information such as names, phone numbers, email addresses, physical addresses, and user order histories.
The company first identified unusual access on November 18, initially linking it to about 4,500 accounts. However, further investigation revealed a much larger scale of the breach, believed to date back to late June and traced to a server located outside South Korea.
In response to this incident, South Korea’s internet regulatory body and law enforcement agencies are conducting investigations. Coupang has formally notified various governmental entities, including the National Police Agency, the Personal Information Protection Commission, and the Korea Internet & Security Agency.
Coupang has stated that there is no evidence to suggest that sensitive financial information like payment details, passwords, or account login credentials were compromised. This assurance has been reiterated in a FAQ posted on its official website, where the company emphasizes that credit card information remains secure.
Despite these assurances, cybersecurity experts are voicing concerns regarding the duration of the breach. Piyush Pandey, CEO of Pathlock, a security firm specializing in access management, emphasized that such incidents underscore the critical need for early threat detection, going beyond traditional perimeter defenses. He highlighted that in the current threat landscape, rapid response is crucial following any breach.
Customers affected by this data breach are being contacted directly through email and text notifications. While Coupang has indicated that no immediate action is required from these individuals, they have advised users to remain vigilant against potential phishing attacks that could exploit the situation.
Currently, no instances of secondary misuse of the leaked data have been reported, although the situation continues to evolve. Coupang’s internal teams are cooperating with investigators and have committed to providing further updates as more information comes to light.
With a total population of 51.7 million, the Coupang data breach affects approximately 65.2% of South Korea’s populace.
This incident is part of a troubling trend of data breaches impacting major companies in South Korea, including prior attacks on SK Telecom. Given the scale of this breach, Coupang is now facing intense scrutiny regarding its cybersecurity measures and its responsiveness in managing the fallout.
