South Korea's Coupang admits breach exposed 33.7M users

South Korea's Coupang admits breach exposed 33.7M users

Briefly

"South Korean retail behemoth Coupang has admitted to a data breach that exposed the personal details of 33.7 million customers, turning the company's famed "Rocket Delivery" logistics empire into an express shipment for personal information. The e-commerce titan, often dubbed the "Amazon of Korea," is South Korea's largest retail platform, logistics operator, and warehousing network - a vertically integrated retail giant whose next-day delivery service, Rocket Delivery, has become shorthand domestically for cardboard boxes arriving before customers have fully remembered ordering anything at all."

"Coupang confirmed the data breach to The Register on Monday. It first detected unauthorized access on November 18, initially tied to just 4,500 customer accounts, before a subsequent investigation revealed that roughly 33.7 million domestic accounts were caught up in a far broader exposure. The breach spans more than half of South Korea's population and includes customer names, email addresses, phone numbers, shipping addresses, partial order histories, and certain delivery metadata."

"Coupang insists the attackers failed to reach login credentials or payment card details, which it says remain "securely protected." In a statement provided to The Register, Marisa Lee, a Coupang spokesperson, outlined the company's response. "Coupang immediately reported the incident to relevant authorities (Police, KISA, PIPC)," Lee said, referring to the National Police Agency, the Korea Internet & Security Agency (KISA), and the Personal Information Protection Commission (PIPC)."