South Korean e-commerce giant Coupang has disclosed a large-scale data breach that exposed the personal information of approximately 33.7 million users.
The company announced over the weekend that it first became aware of unauthorized access to a subset of customer data on November 18, initially involving around 4,500 accounts. However, a follow-up investigation revealed that the actual scope of the breach was far more severe, ultimately affecting tens of millions of customers. The incident is currently under investigation, with Coupang cooperating with local authorities, including the National Police Agency, the Personal Information Protection Commission, and the Korea Internet & Security Agency (KISA).
According to Coupang’s official disclosure, the compromised data includes:
- Customer names
- Phone numbers
- Email addresses
- Order history
- Delivery addresses
The company emphasized that no payment information or login credentials, such as passwords or credit card details, were exposed in the breach. Customers identified as affected have been notified via SMS or email.
Coupang, often referred to as “the Amazon of South Korea,” operates one of the largest online retail platforms in the country, serving millions of users daily with its ultra-fast delivery services. With its substantial footprint in South Korea’s digital economy and recent expansion efforts into markets such as Taiwan and the US, the breach raises serious concerns about data security practices at a company of its scale.
The breach timeline dates back to June 24, 2025, though it remained undetected for several months. Coupang has not yet confirmed the exact duration of the exposure, as the forensic investigation remains ongoing. At this stage, there are no confirmed reports of secondary misuse of the data, such as identity theft or fraud. However, the company warns customers to remain vigilant against phishing attempts or scam messages impersonating Coupang representatives.
This incident follows a similarly massive breach disclosed earlier this year by SK Telecom, the country’s largest mobile carrier, which revealed in May 2025 that 27 million USIM records had been exfiltrated over a multi-year compromise. That breach involved sophisticated malware and stealthy backdoors that infected SKT’s infrastructure undetected for nearly three years.
Coupang’s breach affects over 65% of South Korea’s population, making this one of the largest single data exposures in the country’s history.
Leave a Reply