South Korea’s e-commerce giant Coupang confirms data breach affecting 33.7 million users – what was compromised

South Korea’s largest online retailer, Coupang, issued a public apology on Sunday after a massive data breach exposed the personal details of 33.7 million customers. The company confirmed that unauthorised access to its systems led to the leak of sensitive user information.

What did the Coupang chief say?

Park Dae jun, chief executive of the e-commerce giant often likened to Amazon in South Korea, posted an apology on the firm’s website, expressing regret for the distress caused to customers. He said the company is working closely with police and regulators as investigations continue.

Government launches investigation

The breach has prompted an emergency government meeting, with the Ministry of Science and ICT reviewing whether Coupang violated national data protection rules. Minister Bae Kyung-hoon said officials are assessing the company’s security practices and compliance with personal information safeguards.

Details of the Coupang data breach

Coupang revealed that it discovered the breach on 18 November and immediately notified authorities. The retailer said customer names, phone numbers, email addresses, shipping details and parts of order histories were compromised. Payment information and login credentials were not affected.

The unauthorised access is believed to have begun on 24 June and was carried out through overseas servers, according to the company.

Former employee suspected

Local media outlet Yonhap reported that police are investigating a former Chinese employee of Coupang in connection with the incident. The company has reportedly filed a complaint with law enforcement, although no further details have been made public.

Wider concerns over corporate security

The intrusion adds to a growing list of data leaks affecting major South Korean firms, including telecoms operators. Cybersecurity officials have warned that incidents of this scale highlight persistent vulnerabilities across corporate networks.

The government has urged affected customers to remain alert to phishing attempts and suspicious messages. Officials advised users to monitor accounts carefully and to avoid clicking on unknown links.

(With inputs from Reuters)