Coupang apologizes after a massive breach exposes data from 33.7 million users, triggering government scrutiny and renewed concerns about South Korea’s cybersecurity readiness.
 |
| The Coupang breach, reportedly tied to a former employee, exposed extensive user details and sparked a national review of South Korea’s cybersecurity safeguards. Image: CH |
SEOUL, South Korea — November 30, 2025:
South Korea’s leading e-commerce giant, Coupang, is under intense national and regulatory scrutiny after revealing a massive data breach affecting 33.7 million customer accounts—one of the largest in the country’s digital history. The incident has reignited long-standing concerns about systemic cybersecurity vulnerabilities across major Korean corporations.
Coupang CEO Park Dae-jun issued a formal apology through the company’s website, acknowledging the widespread inconvenience and pledging full cooperation with investigators. The company said the breach—believed to have begun on June 24 via overseas servers—exposed customer names, email and phone contacts, shipping addresses, and portions of order histories. Sensitive financial data and login credentials were not compromised, according to the firm.
The government convened an emergency meeting on Sunday, signaling the severity of the incident. Minister of Science and ICT Bae Kyung-hoon said authorities are examining whether Coupang violated mandatory safety rules under South Korea’s personal information protection laws—an area where past compliance failures at other major companies have already raised alarms.
The developing investigation took a dramatic turn after Yonhap News Agency reported that a former Chinese employee of Coupang is suspected of orchestrating the unauthorized access. Coupang had filed a complaint with police earlier this month, and authorities are now expanding their probe. While details remain unclear, the allegation underscores a growing global challenge: the rise of insider-led cyber breaches targeting major digital platforms.
The breach is particularly troubling given Coupang’s prominence in daily Korean life. Known for its ultra-fast “Rocket Delivery” network, the company reported 24.7 million active commercial users in the third quarter alone. Such widespread reliance amplifies the impact of any security lapse, raising questions about whether rapid platform growth has outpaced internal safeguarding systems.
The government-run Korea Internet & Security Agency (KISA) has issued a nationwide advisory urging affected users to remain vigilant against phishing attempts exploiting leaked personal data. With millions now vulnerable to targeted scams, the secondary risks of the breach may unfold long after the initial intrusion.
The Coupang incident once again highlights a critical vulnerability in South Korea’s tech landscape: while its digital adoption and e-commerce innovation rank among the world’s fastest, its corporate cybersecurity frameworks have not consistently kept pace. Following breaches at SK Telecom and other major firms, this latest incident suggests deeper structural gaps in prevention, detection, and response.
As regulators, law enforcement, and Coupang race to contain the fallout, the breach stands as a warning that cybersecurity must become as central to the nation’s digital future as speed, convenience, and innovation—before another crisis exposes even greater weaknesses.