Coupang disclosed a five-month data breach that exposed the personal information of nearly 34 million South Korean customers.
South Korean e-commerce giant Coupang disclosed a data breach affecting nearly 34 million customers, exposing personal information over a period of more than five months.
“According to the investigation so far, it is believed that unauthorized access to personal information began on June 24, 2025, via overseas servers,” the company announced. “Coupang blocked the unauthorized access route, strengthened internal monitoring, and retained experts from a leading independent security firm,” the company added.
Coupang is South Korea’s leading e‑commerce and logistics platform, often dubbed “Korea’s Amazon”. In 2024 it generated about $30.3 billion in revenue, with Q3 2025 net revenues of $9.3 billion, up 18% year-on-year. It employs roughly 60–65,000 people globally and reported around 24.7 million active customers.
The company initially detected unauthorized access to 4,500 accounts on November 18, but an investigation later confirmed that about 33.7 million customer accounts in South Korea were affected. Exposed data included names, emails, phone numbers, shipping addresses, and some order histories. The company noted that no sensitive information, such as payment data, credit card numbers, or login credentials, was compromised.
Coupang notified the Korea Internet & Security Agency (KISA) and the National Police Agency, and reported the incident to the national data protection authority of South Korea, the Personal Information Protection Commission (PIPC).
Coupang said the breach did not impact customer data from its Taiwan marketplace or Rocket Now, its food delivery service in Japan.
Deputy Prime Minister and ICT Minister Bae Kyung-hoon held an emergency meeting with key government officials in Seoul on Sunday.
“Starting today, we will intensify monitoring to prevent any secondary damage from the incident for the next three months,” Bae said.
Police have identified a suspect, a Chinese former employee of Coupang who has since left the country, and launched an investigation after receiving a complaint on November 18.
This breach adds to a series of cybersecurity incidents in South Korea. Coupang has faced multiple security incidents, including exposures of customer and driver data from 2020–2021 and a December 2023 data breach affecting over 22,000 customers.
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)
