Coupang Data Breach Exposes Personal Information of 33 Million Customers
- Incident prompts investigations by regulatory bodies and potential lawsuits.
- Compromised data includes customer names, contact details, and order specifics; payment information remains secure.
- Cyberattack reportedly linked to a former employee’s unrevoked account; over 10,000 customers pursue class-action lawsuit.
Coupang, a foremost e-commerce titan in South Korea, has disclosed a grievous cyber breach, exposing personally identifiable information (PII) of 33 million customers.
This incident is poised to be one of the most significant data security failures in both the company’s and the nation’s annals, igniting inquiries by data protection authorities, leading to a formal apology from the CEO, and stirring the beginnings of a possible class-action lawsuit.
In a letter dated November 30, Coupang’s CEO, Park Dae-joon, detailed the nature of the breach and expressed remorse over the incident. The attack began on June 24, 2025, but was only recently identified.
Apologies and Accountability
Throughout the intrusion, which persisted until relatively recently, unidentified threat actors pilfered individuals’ names, email addresses, telephone numbers, shipping locations, and specific order details.
While this information presents significant risks for identity theft and phishing schemes, Dae-joon assured stakeholders that sensitive account details, including passwords, payment methods, and credit card data, remain intact and unaffected.
In his correspondence, spanning approximately ten sentences, Park Dae-joon conveyed his apologies on three separate occasions.
“Coupang remains committed to mitigating further repercussions in close collaboration with the Ministry of Science and ICT, the Personal Information Protection Commission, the Korea Internet & Security Agency, the National Police Agency, and assorted public-private collaborative investigative bodies,” he indicated.
Additionally, according to reports from Reuters, 33 million individuals are implicated in this breach. Investigations suggest that the breach may have originated with a former employee of Chinese descent.
Allegedly, the employee’s account was never disabled post-termination, subsequently facilitating data exfiltration.
Moreover, more than 10,000 individuals have shown interest in participating in a class-action suit against the retailer, potentially seeking compensation of approximately $68 per affected person.
Source link: Techradar.com.
