South Korean e-commerce platform Coupang over the weekend said nearly 34 million Korean customers’ personal information had been leaked in a data breach that had been ongoing for more than five months.
The company said it first detected the unauthorized exposure of 4,500 user accounts on November 18, but a subsequent investigation revealed that the breach had actually compromised about 33.7 million customer accounts in South Korea.
The breach affected customers’ names, email addresses, phone numbers, shipping addresses and certain order histories, per Coupang. More sensitive data like payment information, credit card numbers, and login credentials was not compromised and remains secure, the company said.
Coupang said it has reported the incident to the Korea Internet Security Agency (KISA), the Personal Information Protection Commission (PIPC), and the National Police Agency.
One of South Korea’s biggest e-commerce platforms, Coupang also offers a quick-commerce service called “Rocket Delivery” in the country, and also operates its marketplace in Japan and Taiwan. A Coupang spokesperson told TechCrunch that the investigation has found no evidence that consumer data from Coupang Taiwan or Rocket Now was affected in the data breach.
“According to the investigation so far, it is believed that unauthorized access to personal information began on June 24, 2025, via overseas servers,” the company said. “Coupang blocked the unauthorized access route, strengthened internal monitoring, and retained experts from a leading independent security firm.”
Police have reportedly identified at least one suspect, a former Chinese Coupang employee now abroad, after launching an investigation following a November 18 complaint.
Join the Disrupt 2026 Waitlist
Add yourself to the Disrupt 2026 waitlist to be first in line when Early Bird tickets drop. Past Disrupts have brought Google Cloud, Netflix, Microsoft, Box, Phia, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, and Vinod Khosla to the stages — part of 250+ industry leaders driving 200+ sessions built to fuel your growth and sharpen your edge. Plus, meet the hundreds of startups innovating across every sector.
Join the Disrupt 2026 Waitlist
Add yourself to the Disrupt 2026 waitlist to be first in line when Early Bird tickets drop. Past Disrupts have brought Google Cloud, Netflix, Microsoft, Box, Phia, a16z, ElevenLabs, Wayve, Hugging Face, Elad Gil, and Vinod Khosla to the stages — part of 250+ industry leaders driving 200+ sessions built to fuel your growth and sharpen your edge. Plus, meet the hundreds of startups innovating across every sector.
|
October 13-15, 2026
This is the latest in a string of cybersecurity incidents in South Korea this year. Coupang itself has suffered several data breaches that have exposed customer and delivery drivers’ information in previous years. Past incidents included leaks between 2020 and 2021, and most recently in December 2023, when its seller management system compromised the personal information of more than 22,000 customers.
Original Source: https://techcrunch.com/2025/12/01/koreas-coupang-says-data-breach-exposed-nearly-34m-customers-personal-information/
Disclaimer: This article is a reblogged/syndicated piece from a third-party news source. Content is provided for informational purposes only. For the most up-to-date and complete information, please visit the original source. Digital Ground Media does not claim ownership of third-party content and is not responsible for its accuracy or completeness.
