Coupang Data Breach: 34 Million Customers Affected

Coupang Data Breach Exposes Millions of Customer Records

Coupang, a leading South Korean e-commerce platform, announced a significant data breach impacting approximately 34 million of its Korean customers. The unauthorized access to personal information reportedly occurred over a period exceeding five months.

Initial Detection and Scope of the Breach

The company initially identified the exposure of around 4,500 user accounts on November 18th. However, a more thorough investigation subsequently revealed the scale of the incident to be far greater, compromising roughly 33.7 million customer accounts within South Korea.

Data Affected and Security of Sensitive Information

The compromised data included customer names, email addresses, phone numbers, shipping addresses, and details of past order histories. Importantly, Coupang stated that more sensitive data, such as payment information, credit card numbers, and login credentials, remained secure and was not accessed during the breach.

Reporting and Investigation

Coupang has formally reported the incident to key South Korean authorities, including the Korea Internet & Security Agency (KISA), the Personal Information Protection Commission (PIPC), and the National Police Agency.

Geographic Scope and Service Impact

Coupang, known for its “Rocket Delivery” service in South Korea, also operates a marketplace in Taiwan. A company spokesperson confirmed to TechCrunch that the investigation has not uncovered any evidence of data compromise affecting customers in Taiwan or users of Rocket Now, its food delivery service in Japan.

Timeline and Response Measures

The company believes the unauthorized access began on June 24, 2025, originating from servers located overseas. Coupang immediately took steps to block the access route and enhance internal security monitoring. They also engaged a prominent independent security firm to assist with the investigation.

Suspect Identification

Law enforcement officials have reportedly identified a suspect – a former Chinese employee of Coupang who is currently residing outside of China – following an investigation launched after the initial complaint on November 18th.

Recurring Cybersecurity Issues

This incident represents the latest in a series of cybersecurity challenges faced by South Korea this year. Coupang itself has experienced multiple data breaches in prior years, exposing information belonging to both customers and delivery personnel. Previous leaks occurred between 2020 and 2021, and most recently in December 2023, impacting over 22,000 customers through a compromise of its seller management system.

This article has been updated to include a statement from a Coupang spokesperson.