Massive Coupang Data Breach: 33.7 Million Customers Affected
E-commerce giant Coupang has confirmed a massive data breach compromising the personal information of 33.7 million customers, representing nearly its entire user base in South Korea.
Key Takeaways
- 33.7 million Coupang customers affected by data breach
- Compromised data includes names, phone numbers, emails, and addresses
- Payment information and login credentials remain secure
- Breach occurred through overseas servers since June 24
- Former Chinese employee identified as suspect
What Information Was Compromised?
The breached data includes customer names, phone numbers, email addresses, and delivery addresses. Coupang confirmed that payment information, credit card numbers, and login credentials were not affected in this incident.
“Unauthorised access to delivery-related personal information for the affected accounts appears to have been made through overseas servers since June 24,” the company stated.
Investigation and Suspect Details
Police have identified at least one suspect in the case – a former Chinese employee of Coupang who is no longer with the company and has left South Korea. The investigation began after authorities received a formal complaint on Tuesday.
Coupang first discovered the breach on November 18 and notified authorities within two days. The company initially reported a much smaller leak affecting only 4,500 customers before the full scale emerged.
Growing Customer Concerns
Customers have expressed serious concerns about potential misuse of their compromised information as the breach scope proved far larger than initially reported and extended back several months earlier than first believed.
Historical Context and Potential Impact
This incident surpasses SK Telecom’s data leak in April that affected 23.2 million users, which resulted in a record fine of 134.8 billion won. The full extent of damage may increase as investigations progress.
The case echoes recent data breach patterns, including Lotte Card’s incident where the company initially denied financial details were breached in September, only to retract the statement two weeks later and admit credit card numbers were compromised.
As one of South Korea’s largest e-commerce platforms, this breach raises significant questions about and corporate responsibility in protecting customer information.
