Coupang data breach hits millions of South Korean shoppers

Coupang, South Korea’s largest online retailer, has disclosed a major data breach affecting millions of customers. Authorities are examining the incident as the company works to determine what information was exposed and when the breach began.

Scope and timeline

Company officials said they first detected unauthorized access to about 4,500 customer accounts on 18 November and immediately informed authorities. Subsequent checks indicated approximately 33.7 million accounts nationwide could have been affected, with investigators pointing to a breach that may have started as early as June via a server based overseas.

What data was exposed

The compromised data include names, email addresses, phone numbers, shipping addresses, and some order histories. Crucially, no payment card details or login credentials were compromised, and users are not required to take action at this time, Coupang stated.

Impact and response

The number of affected accounts surpasses half of South Korea’s population of about 52 million. Coupang pledges to support affected customers and has urged vigilance against scams impersonating the company. No suspects have been named by the firm.

Regulatory context

South Korea’s Ministry of Science and ICT said it will assess the breach’s scale and whether the company violated data-protection rules, with swift action possible if safety duties under national law were not met. Local outlets have highlighted the seriousness of data leaks, noting similar incidents at other major firms this year.

In recent months, SK Telecom—the country’s largest mobile operator—faced a large penalty for a breach affecting more than 20 million subscribers, while Lotte Card reported a separate incident impacting nearly three million customers.

The government and industry observers emphasize that this event underscores the ongoing need for robust defense measures and transparent breach reporting to protect citizens’ personal information.

Expert perspective

Expert note: Cybersecurity analysts say this incident highlights the need for layered data protection, rapid breach detection, and clear disclosure to maintain consumer trust in digital services. Regulators are likely to scrutinize safety measures more closely.

Short summary

The breach at Coupang affects tens of millions of users and exposes contact details, while payment data remains secure. The company has apologized and urged caution against scams, with regulators reviewing the incident. This year has seen several major data leaks in Korea, underscoring ongoing privacy challenges in the country’s digital economy.

Key insight: Large-scale data breaches at leading firms remind readers that strong, transparent data protection is essential for safeguarding personal information. Source: BBC News