Coupang, South Korea’s largest online retailer, has faced a significant data breach affecting an estimated 33.7 million local customer accounts, representing more than half of the nation’s population. This exposure, which the company became aware of on November 18th, is the latest in a series of data leaks involving major South Korean firms. Coupang initially reported unauthorized access to only about 4,500 accounts but later discovered the much larger scale of the incident, which is believed to have started as early as June through a server based overseas. The company, which is headquartered in the US and has nearly 25 million active users, has offered an apology to its vast customer base for the security failure.
The e-commerce platform confirmed that the data exposed in the incident is limited to customers’ names, email addresses, phone numbers, shipping addresses, and some order histories. Crucially, Coupang assured users that no credit card information or login credentials were compromised, stating these details “remain securely protected.” The firm added that, for now, Coupang users are not required to take any action regarding their accounts. Despite this assurance, the company did issue a warning to its customers to remain vigilant against potential scams impersonating the company, given the vast amount of contact and address details that have been leaked.
The massive scale of the breach has immediately drawn the attention of the country’s regulatory bodies. South Korea’s internet authority announced it is investigating the incident to determine the exact details of the exposure. The Ministry of Science and ICT also stated that authorities are assessing the full scope of the breach and will investigate whether Coupang failed to meet its legal obligations concerning data protection safety rules. Officials warned that the Commission “plans to conduct a swift investigation and impose strict sanctions if it finds a violation of the duty to implement safety measures under the Protection Act” due to the large number of citizens’ contact details and addresses involved.
While Coupang has not officially named the party responsible for the breach, South Korean media outlets have reported suspicions that a former Coupang employee who was based in China may be behind the unauthorized access. The firm only said it did not have details on who was responsible when speaking to the media. This incident further highlights ongoing security challenges for the retailer, as Coupang has dealt with multiple cyber-security breaches in recent years, including a previous incident that resulted in the exposure of data belonging to 460,000 customers.
The breach at Coupang, a company often likened to Amazon.com in the South Korean market, underscores a growing pattern of significant data leaks affecting major corporations in the country, including the incident involving telecommunications giant SK Telecom. As the investigation proceeds, the focus will be on the systemic security failures that allowed the compromise of such a massive number of accounts over a period stretching back several months, as well as the potential legal consequences for the company should authorities find a lapse in data protection protocols.
Reference:
