top of page
Search

Coupang Data Breach Exposes 33.7 Million South Korean Accounts

  • Dec 2, 2025
  • 3 min read

Key Findings


  • Coupang, a major e-commerce company in South Korea, has suffered a massive data breach affecting over 33.7 million accounts - more than half of the country's population.

  • The breach was initially detected on November 18, 2025, when suspicious activity was observed on around 4,500 accounts.

  • Further investigation revealed that the breach actually dated back to late June 2025 and had compromised the personal information of nearly the entire Coupang user base.

  • Exposed data includes names, phone numbers, email addresses, delivery addresses, and partial order histories, but no financial information or login credentials were breached.

  • Coupang has reported the incident to South Korean authorities, who are actively investigating the breach.

  • A former Coupang employee located outside of South Korea has been identified as a primary suspect, complicating efforts to apprehend the individual.

  • Security experts have raised concerns about the lengthy duration of the breach, emphasizing the need for early threat detection and rapid response.


Background


Coupang is South Korea's largest e-commerce company, with a user base of over 33.7 million accounts, representing approximately 65.2% of the country's total population of 51.7 million. The company's platform offers a wide range of products and services, from electronics and fashion to groceries and on-demand delivery.


Breach Details


On November 18, 2025, Coupang detected suspicious activity on around 4,500 user accounts, prompting an internal investigation. However, as the company's security team delved deeper into the incident, the scale of the breach expanded significantly.


The investigation revealed that the unauthorized access had actually begun as early as June 24, 2025, and had compromised the personal information of nearly the entire Coupang user base. The exposed data included customers' names, email addresses, phone numbers, delivery addresses, and partial order histories.


Coupang has stressed that no sensitive financial information, such as payment details, passwords, or login credentials, was accessed during the breach. The company has assured users that their credit card data remains secure.


Response and Investigation


Coupang has reported the breach to the National Police Agency, the Personal Information Protection Commission, and the Korea Internet & Security Agency, who are now actively investigating the incident.


According to the company, the unauthorized access was traced to a server located outside of South Korea, and a primary suspect has been identified as a former Coupang employee who is no longer residing in the country. This has made it more challenging for authorities to apprehend the individual for questioning.


Coupang has also engaged an independent security firm to conduct a thorough forensic analysis and has taken steps to secure its systems and prevent similar incidents in the future.


Implications and Concerns


The Coupang data breach is a significant incident, as it has exposed the personal information of over 33.7 million South Korean users, representing more than half of the country's population. This vast amount of compromised data could be exploited for social engineering scams, potentially leading to further financial and reputational harm to the affected individuals.


Security experts have raised concerns about the lengthy duration of the breach, which lasted for several months before being detected. This highlights the need for early threat detection and rapid response mechanisms to mitigate the impact of such incidents.


Coupang is now facing serious questions about its internal security practices and the timeline of its breach response. The company's handling of the situation will be closely scrutinized, as the scale of the breach has the potential to erode public trust and confidence in the e-commerce platform.


Sources


  • https://hackread.com/coupang-data-breach-south-korean-accounts/

  • https://securityonline.info/alarm-coupang-data-breach-exposes-33-7-million-users-over-half-of-south-korea/

  • https://www.modaes.com/global/companies/coupang-suffers-massive-data-breach-of-337-million-customer-accounts

Recent Posts

See All
Defeating AI with AI

Key Findings Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks. One capability that AI improves for threat actors is the ability to profil

 
 
 

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page