- The Coupang breach exposed the personal information of 33 million customers, triggering investigations and prosecutions by watchdogs.
- Stolen data includes names, contacts, addresses and orders; passwords and payment information are not affected
- Attack linked to the active account of a former employee; More than 10,000 people join class action lawsuit seeking compensation
Coupang, widely considered South Korea’s largest e-commerce store, has confirmed that it suffered a devastating cyberattack in which it lost personally identifiable information (PII) on 33 million customers.
This appears to be one of the largest data breaches in the company’s (and the country’s) recent history, sparking investigations by data watchdogs, a formal apology from the CEO, and a possible class-action lawsuit.
On Sunday, November 30, Coupang CEO Park Dae-joon posted a letter on the company’s website, explaining what happened and apologizing for the incident. According to the letter, the attack began on June 24, 2025, but was only spotted recently.
Apologies, excuses
During the intrusion, which lasted “until recently,” the anonymous threat actors exfiltrated people’s names, email addresses, phone numbers, shipping addresses, and specific order information.
While this is more than enough for identity theft or phishing, Dae-joon stressed that login information (including customer passwords), payment information, or credit card information was not stolen.
In the letter, which is about ten sentences long, Park Dae-joon apologized three times.
“Coupang will do its best to prevent further damage in close cooperation with the Ministry of Science and ICT, the Personal Information Protection Commission, the Korea Internet and Security Agency, the National Police Agency and other public-private joint investigation teams,” he added.
At the same time, PK Press Club reports that 33 million people are affected, and that it could be the work of a former employee of Chinese origin. The agency cited broadcaster JTBC and said this was the result of an internal investigation. The employee’s account was allegedly not closed even after he left the company and was subsequently used for data exfiltration.
PK Press Club also said that more than 10,000 people have already expressed interest in joining a class-action lawsuit against the retailer, which could see them pay $68 per person for their loss.
Via PK Press Club
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
