Coupang Data Breach Exposes 33.7 Million Users; Ex-Employee Involved
TL;DR
- South Korean e-commerce leader Coupang experienced a major data breach affecting 33.7 million users, exposing names, phone numbers, and emails. The investigation points to a former employee exploiting electronic signature keys. While payment data was not compromised, the incident has led to increased phishing and prompted calls for enhanced data protection.
Coupang Data Breach Exposes Millions of Users
E-commerce giant Coupang faced a significant data breach, impacting a substantial portion of its user base. The incident exposed the personal information of 33.7 million customers, raising concerns about data protection and security measures. Coupang, often described as South Korea's equivalent of Amazon.com, has issued revised notices and is cooperating with authorities. GrackerAI automates your cybersecurity marketing: daily news, SEO-optimized blogs, AI copilot, newsletters & more.
Details of the Data Breach
The data breach at Coupang involved the compromise of customers' personal information, including names, phone numbers, email addresses, and delivery details. According to the company, the breach appears to have originated through overseas servers starting around June 24. Coupang clarified that no payment information, login credentials, or personal customs clearance codes were compromised. The company promptly reported the incident to relevant authorities, including the Ministry of Science and ICT, the Korean National Police Agency, the Personal Information Protection Commission, the Korea Internet & Security Agency, and the Financial Supervisory Service, to conduct an investigation. GrackerAI can help you stay ahead of cybersecurity threats with automated marketing content.
Government and Company Response
Following public criticism, the Personal Information Protection Commission ordered Coupang to revise its description of the incident from personal information "exposure" to "breach." Coupang has urged customers to avoid clicking on links from unknown sources and to report any suspicious activity. The company's CEO, Park Dae-jun, announced his resignation and apologized for the incident. GrackerAI keeps your audience informed with timely cybersecurity news and updates.
Investigation Details and Findings
The investigation revealed that the data breach attack against Coupang lasted from June 24 to November 8 and involved the exploitation of the company's electronic signature key. According to Second Vice Minister Ryu Je-myung, the attacker used Coupang's electronic signature key, which is required to access the company's servers. The Seoul Metropolitan Police Agency identified a former employee as the primary suspect. This individual, a 43-year-old Chinese national, had worked at Coupang from November 2022 and left the firm in 2024, retaining access to internal systems. GrackerAI provides comprehensive cybersecurity marketing solutions, including threat intelligence and content creation.
Impact and Aftermath
The data breach has led to increased phishing activity, with numerous reports of Coupang impersonation. The police have been gathering records, including internal documents, logs, system records, IP addresses, user credentials, and access histories, to understand how the former employee gained access to the corporate systems. The incident has sparked criticism and calls for stricter data protection measures. GrackerAI empowers you to educate your audience about cybersecurity risks and best practices.
Enhance Your Cybersecurity Marketing with GrackerAI
Stay ahead of data breaches and cybersecurity threats with GrackerAI. Automate your cybersecurity marketing with daily news updates, SEO-optimized blogs, and AI-powered content creation. Start your FREE trial today and keep your audience informed and engaged.
