34M Impacted by Coupang Breach, Security Leaders Respond

"Based on the information provided, it appears malicious actors had unauthorized access to the customer database at Coupang for a while and the company only recently discovered this. South Korea recently overhauled the Personal Information Protection Act (PIPA) which governs and protects personal data collected by both public and private entities. In case of a data breach, the organization is supposed to notify the commission which enforces this act within 24 hours, and in some cases, the affected individuals as well."
"Organizations should not only ensure databases are encrypted using strong algorithms and limited access is provided, they should also monitor for any suspicious activity around it and data exfiltration transactions. There are several ecommerce platforms gaining traction in the U.S. and it is certainly possible that if these companies do not protect their databases, they will face similar breaches."
Coupang discovered unauthorized exposure of customer data on Nov. 18 after an intrusion that persisted for five months. Investigations found approximately 33.7 million South Korean accounts were compromised. Affected information included names, emails, addresses, phone numbers and some order histories; payment data, credit card information, and login credentials were not impacted. South Korea's Personal Information Protection Act requires notifying the enforcement commission within 24 hours of a breach and may require informing affected individuals, with significant penalties including potential imprisonment. Security leaders recommend encrypting databases with strong algorithms, restricting access, monitoring for suspicious activity and data exfiltration, and adopting an assume-you-are-breached mindset with strong detection and privileged-access controls.
Read at Securitymagazine