South Korea’s largest online retailer has confirmed a massive data breach.Data from around 33.7 million customers was exposed, affecting almost 50 percent of the population.
Details
📁 What was leaked: Names, email addresses, phone numbers, delivery addresses and parts of order histories. Especially sensitive: many customers store door codes and other access details for delivery.
👮 Insider under investigation: Investigators believe the breach was carried out by a former Coupang employee with Chinese citizenship. The suspect has reportedly already left the country, making prosecution more difficult.
🕒 Five months undetected: According to Coupang, the unauthorized access began in June 2025 via overseas servers. Initially only 4,500 accounts were flagged as compromised, later it turned out to be 33.7 million.
💳 Payment data not affected: Coupang says credit-card information, bank details and log-in credentials were not compromised. Still, authorities warn of targeted phishing and fraud attempts using the stolen contact information.
⚖️ Regulators under pressure: The Ministry of Science, the Personal Information Protection Commission and the police have set up a joint taskforce. If Coupang violated security requirements, it could face heavy fines and class-action lawsuits.
🧾 2025 — Korea’s record year for data leaks
- A series of failures: SK Telecom, KT, Lotte Card and crypto exchanges such as Upbit have already reported major leaks this year.SK Telecom was fined nearly 100 million USD for missing security requirements and reporting incidents too late.
- Systemic weakness: Regulators criticize that many conglomerates pour billions into logistics, platforms and growth, but treat cybersecurity as a cost center. Investment levels and defense systems remain far below US standards.
The China Survival Guide for Western Businesses
Entity setup, WeChat strategy, hiring your first local team. 12+ years on the ground in Shanghai.
