The Coupang data breach has exposed sensitive information linked to 33.7 million customer accounts. The incident highlights serious security lapses inside South Korea’s largest e-commerce platform and raises urgent questions about internal oversight. Coupang now faces regulatory scrutiny as investigators assess how the attacker gained long-term access to core systems.
How the Incident Unfolded
Coupang confirmed that the intrusion began on 24 June 2025 when an unauthorized actor accessed internal systems without authentication. The activity remained undetected for months. The company discovered the breach on 18 November 2025 and immediately blocked the compromised access route. An initial review suggests that a former employee may be responsible for the unauthorized server activity.
The company reported the incident to national authorities and strengthened system monitoring. Regulators launched a formal investigation to determine whether Coupang violated personal-data protection requirements.
What Information Was Exposed
The breach affected data tied to tens of millions of customer accounts. According to Coupang, the exposed records may include:
- Names
- Email addresses
- Phone numbers
- Delivery addresses
- Order-related information
Coupang stated that the breach did not include passwords, payment card details or banking information. Even without financial data, the leaked information creates a significant risk of targeted phishing, identity misuse and social-engineering attacks.
Regulatory and Public Response
South Korea’s Ministry of Science and ICT opened an emergency review following Coupang’s disclosure. Officials want to know whether the company used adequate safeguards for sensitive customer data. The National Police Agency began a parallel investigation focused on the suspected role of the former employee and potential security negligence.
Consumer advocates criticized the company for allowing months of unauthorized access without detection. Security experts noted that the scale of the exposure ranks among the largest data-related incidents in the country’s history.
Potential Risks for Affected Users
The Coupang data breach enables threat actors to craft convincing scams using accurate contact details and delivery information. Attackers may try to impersonate Coupang support agents or send fake shipping updates to lure victims into sharing additional data.
Customers should take several precautions:
- Treat unexpected calls, texts or emails referencing recent orders with caution
- Avoid clicking links claiming to resolve account problems
- Monitor accounts for fraudulent communications
- Enable stronger verification practices whenever possible
These steps help reduce the likelihood of scams that rely on credible personal information leaked during the breach.
Coupang’s Ongoing Response
Coupang increased system monitoring, restricted access to sensitive directories and started a comprehensive audit of access logs. The company also expanded user notifications and urged customers to remain alert to suspicious communication. Internal investigations continue as regulators evaluate potential compliance failures.
Conclusion
The Coupang data breach exposed a massive volume of customer information and revealed critical weaknesses inside the company’s access-control practices. Millions of users now face increased phishing and social-engineering risks. As investigations progress, the incident serves as a reminder that even market-leading platforms must maintain strict internal security to protect user privacy.
0 responses to “Coupang data breach exposes 33.7 million accounts”