South Korean e-commerce giant Coupang has confirmed a major data breach affecting approximately 34 million of its Korean customers. The incident, which spanned over five months, compromised personal details including names, email addresses, phone numbers, shipping addresses, and order histories.
Breach Timeline and Scope
Coupang initially detected suspicious activity on November 18, 2025, when about 4,500 user accounts were found to have been accessed without authorization. However, a deeper investigation revealed the actual scale of the breach: 33.7 million customer records were exposed. The company asserts that sensitive financial data – such as payment information and login credentials – was not affected.
Response and Investigation
Coupang has reported the incident to South Korean authorities, including the Korea Internet & Security Agency (KISA), the Personal Information Protection Commission (PIPC), and the National Police Agency. According to the company, unauthorized access originated from overseas servers starting around June 24, 2025. Coupang states it has since blocked the access route and enhanced its security monitoring with the help of external experts.
Suspect Identified
Law enforcement has identified a former Chinese employee of Coupang, currently residing abroad, as a suspect in the breach. The police investigation began following Coupang’s initial complaint in November.
Recurring Security Issues
This breach is not an isolated incident for Coupang. The company has experienced multiple data leaks in recent years, including incidents in 2020–2021 and a more recent compromise of over 22,000 customers’ information in December 2023. The repeated breaches raise concerns about Coupang’s long-term cybersecurity posture. The company operates not only in South Korea but also in Japan and Taiwan, though it claims the latest breach did not affect data from those regions.
The incident underscores the growing threat of cyberattacks targeting e-commerce platforms and the critical need for robust data protection measures. As digital transactions increase, so does the risk of large-scale data breaches, making proactive security essential for both businesses and consumers.
