South Korea’s largest e-commerce company, Coupang, apologised Sunday after a massive Coupang data breach exposed the personal information of more than thirty three million users, prompting regulatory scrutiny and widespread concern among consumers.
The company said the leak involved names, email addresses, phone numbers and shipping details, though payment data and login credentials were not compromised.
“We sincerely apologise once again for causing our customers inconvenience,” Coupang CEO Park Dae-jun said in a statement posted on the company’s website.
Government ministries held an emergency meeting as investigators looked into whether the online retail giant violated national data protection rules.
Coupang, often compared to Amazon for its dominant presence in South Korea’s digital marketplace, discovered the breach on November 18 and reported it to authorities, company officials said.
The firm has nearly twenty five million active commercial users and runs the country’s largest quick delivery service, known as Rocket Delivery.
According to information revealed over the weekend, the Coupang data breach is believed to have started on June 24 through unauthorized access routed via overseas servers.
A former Chinese employee is suspected of involvement, according to reports by Yonhap News Agency, which said police opened an investigation after the company filed a complaint earlier this month.
The Ministry of Science and ICT is now evaluating whether the company failed to maintain adequate safeguards.
“We are reviewing the matter thoroughly and assessing any possible violations of personal information protection standards,” ICT Minister Bae Kyung hoon said during Sunday’s briefing.
The Korea Internet & Security Agency issued a public advisory urging affected users to watch for phishing attempts, warning criminals may exploit leaked information to impersonate companies or government officials.
Cybersecurity analysts called the Coupang data breach one of the most significant in the country’s online commerce sector.
Experts said the incident highlights weaknesses in internal monitoring systems, particularly in companies with large operational footprints.
“Breaches of this scale rarely happen overnight. They usually involve long term access that goes unnoticed,” said Kim Ji-won, a Seoul based cybersecurity consultant who advises major tech firms.
“If the intrusion began in June, it suggests there were blind spots in Coupang’s security protocols.” Experts also stressed that although financial information was reportedly not compromised, the leaked data still carries serious risks.
“Names, phone numbers and shipping addresses can be weaponised for targeted scams,” said Lee Chan seok, professor of information systems at Korea University. “This increases the likelihood of spear phishing attempts, identity misuse and fraud.”
Analysts also noted that global retailers increasingly rely on distributed workforces and contractors, which raises the challenge of securing data access across borders.
“Anytime a former employee is potentially involved, it shows how insider threats remain one of the hardest vulnerabilities to manage,” Lee added.
The Coupang data breach ranks among the largest corporate cyber incidents in South Korea’s history. In 2014, three major credit card companies suffered breaches involving more than one hundred million accounts.
More recently, a leading mobile carrier disclosed a leak affecting millions of users in 2023. Compared with those incidents, analysts say the Coupang case could have broader implications because of the company’s deep integration into daily life.
Surveys by research firm OpenSurvey show that more than eight in ten South Korean consumers place at least one order on Coupang each month.
Coupang reported thirty three point seven million accounts were affected. By contrast, online marketplace 11st documented a breach last year impacting fewer than five million users, and most local grocery delivery platforms have never reported incidents of comparable size.
KISA data shows South Korea logged more than forty five thousand cyber intrusion cases in the past year, a figure that has risen steadily as digital services expand.
For many South Koreans, the Coupang data breach feels personal because of the company’s widespread use for household purchases, groceries and daily essentials.
“I check Coupang almost every day. My entire purchase history is there,” said Park Soo-mi, a parent in Incheon who has used the platform for more than five years. “I’m worried someone could use my information to track where I live.”
Small business owners who rely on Coupang for deliveries also expressed concerns. “We depend on Rocket Delivery for urgent supplies,” said Kim Eung-ho, who runs a café in Busan. “If customers lose trust in the platform, it could hurt everyone in the ecosystem.”
Some consumers questioned whether companies should retain customer data for long periods. “If order histories were exposed, it means they store a lot of information.
Maybe it’s time for stricter rules on how long companies can keep it,” said Seoul based office worker Choi Mi-ra. Others urged calm, noting that payment information was not accessed.
“Data breaches happen everywhere these days. As long as financial information is safe, I’m not panicking,” said Jun Tae-ho, a college student in Gwangju.
Authorities said the investigation could take weeks as they assess Coupang’s handling of the incident and review server data logs.
Regulators may also demand structural changes if they determine that data protection rules were violated.
Legal experts said potential penalties could involve fines, restrictions on data retention practices or mandatory security upgrades.
“If negligence is found, the government has the authority to impose corrective orders,” said attorney Ha Yun-seok, who specializes in technology law.
Coupang has begun reinforcing internal systems and said it is cooperating fully with investigators. The company also notified users through email and app alerts.
Analysts expect the incident to accelerate calls for stricter cybersecurity regulations across South Korea’s digital economy.
“Large platforms that gather massive amounts of personal information are likely to face expanded oversight,” said cybersecurity consultant Kim Ji-won.
The Coupang data breach has placed South Korea’s most influential online retailer under intense scrutiny as regulators, customers and cybersecurity experts assess how personal information belonging to thirty three point seven million users was exposed.
While no financial data was compromised, the incident has renewed concerns about digital security in one of the world’s most connected nations.
Investigations continue as authorities work to determine what protections failed and what steps are required to prevent similar breaches in the future.
Your article helped me a lot, is there any more related content? Thanks!