South Korean e-commerce platform Coupang over the weekend mentioned almost 34 million Korean clients’ private data had been leaked in a data breach that had been ongoing for greater than 5 months.
The corporate mentioned it first detected the unauthorized publicity of 4,500 consumer accounts on November 18, however a subsequent investigation revealed that the breach had truly compromised about 33.7 million buyer accounts in South Korea.
The breach affected clients’ names, electronic mail addresses, cellphone numbers, delivery addresses and sure order histories, per Coupang. Extra delicate knowledge like cost data, bank card numbers, and login credentials was not compromised and stays safe, the corporate mentioned.
Coupang mentioned it has reported the incident to the Korea Web Safety Company (KISA), the Private Info Safety Fee (PIPC), and the Nationwide Police Company.
Certainly one of South Korea’s greatest e-commerce platforms, Coupang additionally presents a quick-commerce service referred to as “Rocket Supply” within the nation, and likewise operates its market in Japan and Taiwan. A Coupang spokesperson informed information.killnetswitch that the investigation has discovered no proof that client knowledge from Coupang Taiwan or Rocket Now was affected within the data breach.
“Based on the investigation to date, it’s believed that unauthorized entry to private data started on June 24, 2025, by way of abroad servers,” the corporate mentioned. “Coupang blocked the unauthorized entry route, strengthened inner monitoring, and retained consultants from a number one impartial security agency.”
Police have reportedly recognized at the very least one suspect, a former Chinese language Coupang worker now overseas, after launching an investigation following a November 18 grievance.
Techcrunch occasion
San Francisco
|
October 13-15, 2026
That is the most recent in a string of cybersecurity incidents in South Korea this 12 months. Coupang itself has suffered a number of data breaches which have uncovered buyer and supply drivers’ data in earlier years. Previous incidents included leaks between 2020 and 2021, and most just lately in December 2023, when its vendor administration system compromised the private data of greater than 22,000 clients.
