South Korea: Data breach exposes 33.7 million Coupang accounts

Coupang, South Korea’s leading e-commerce platform, admitted on 30 November 2025 that a recent data breach exposed 33.7 million user accounts. Initial assessments had suggested that only 4,500 accounts were affected. The stolen data includes users’ names, email and postal addresses, phone numbers, and order histories. According to the company, no financial information or passwords were compromised.

According to a South Korean news agency, investigators did not detect any malware within the company’s information systems. Suspicion has turned instead to a former Chinese employee who reportedly left the country. “We have identified the IP address used by the suspect and are currently searching for them,” said a police official involved in the investigation.

South Korea has faced several major data breaches in 2025, including one targeting telecom operator SK Telecom, which resulted in the theft of personal information belonging to 27 million citizens. In August 2025, a South Korean court imposed a record fine of 134 billion won (€78 million) on the company for failing to meet basic cybersecurity requirements.

Coupang may now face similar consequences. “Given that the breach involves the contact information of a large number of citizens, the Commission intends to conduct a swift investigation and impose strict sanctions if it identifies any failure to implement the security measures required under the data protection law,” said Bae Kyung-hoon, Minister of Science and ICT, following an emergency meeting.