South Korea’s largest retailer, Coupang, has suffered a data breach that uncovered the non-public data of 33.7 million prospects.
The agency has warned on its Korean-language website that the incident occurred on June 24, 2025, nevertheless it solely found it and started the investigation on November 18, 2025.
“On November 18, 2025, Coupang turned conscious of unauthorized entry to private data associated to the accounts of roughly 4,500 prospects,” reads the general public assertion.
“Because of follow-up analysis, we discovered that the data of 33.7 million accounts was uncovered.”
Though the investigation continues to be ongoing, buyer data confirmed to be uncovered contains full names, cellphone numbers, electronic mail addresses, bodily addresses, and order data.
Coupang famous that fee data, together with bank card knowledge and account data comparable to passwords, was not uncovered.
Coupang is a U.S.-based tech and on-line retail firm that operates within the South Korean market. It employs 95,000 folks and has an annual income of over $30 billion.
The corporate has already reported the incident to the relevant authorities within the nation, together with the Nationwide Police Company, the Private Info Safety Fee, and the Korea Web & Safety Company. Impacted people may even learn through electronic mail or SMS.
Coupang famous that prospects whose data was uncovered ought to stay vigilant for calls, texts, and different communications impersonating the retail large.
The corporate didn’t share any details about the kind of assault and who the perpetrators is perhaps, and by publication time, no cybercriminals had assumed accountability for the assault.
Korean Herald’s The Investor studies that the breach was carried out by a former worker, who used unrevoked entry tokens to steal delicate knowledge from Coupang’s methods. Nevertheless, BleepingComputer has not been in a position to corroborate these particulars independently.
The Coupang breach is the second massive-scale cybersecurity incident in South Korea this 12 months.
In April, SK Telecom, the nation’s largest cell community operator, warned prospects that delicate USIM knowledge had been uncovered because of a malware an infection impacting its networks.
The corporate later confirmed that the preliminary an infection started three years in the past, in June 2022, affecting a complete of 27 million subscribers, which corresponded to its complete buyer base.
Damaged IAM is not simply an IT drawback – the influence ripples throughout your entire enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with fashionable calls for, examples of what “good” IAM seems like, and a easy guidelines for constructing a scalable technique.
