Coupang Data Breach Exposes Personal Information of 34 Million South Koreans
A massive data breach at Coupang, South Korea’s leading e-commerce platform, has compromised the personal information of approximately 34 million users – over 90% of the country’s working-age population. The incident, one of the largest data breaches in recent history, has triggered lawsuits, a government investigation, and urgent calls for stricter data security regulations.
The scale of the breach was initially downplayed by Coupang, which first characterized the incident as a limited “exposure” affecting around 4,500 customer accounts. However, the company was compelled to revise that figure dramatically after scrutiny from Korean regulators. As one local news headline succinctly put it, “The Whole Nation Is a Victim.”
Months-Long Infiltration
The unauthorized access began on June 24 and went undetected for nearly five months, finally coming to light on Nov. 18 when a customer reported suspicious activity. According to reports, the alleged perpetrator, a former Coupang software developer specializing in authentication systems, exploited an internal authentication key retained after leaving the company roughly a year ago.
Authorities believe the suspect is a Chinese national who has since returned to China and is currently evading capture. A senior official stated that the individual leveraged overseas servers to mask their activity and maintain access to Coupang’s systems, appearing as an active employee during the infiltration.
Sensitive Data at Risk
The compromised data is exceptionally sensitive, encompassing names, phone numbers, and, alarmingly, even the keycodes to enter residential buildings for a significant portion of South Korea’s adult population. This level of access raises serious concerns about potential identity theft, fraud, and even physical security risks.
Coupang, founded by a Korean-American entrepreneur, is known for its successful U.S. initial public offering several years ago. The company’s response to the crisis has been closely watched, particularly its initial characterization of the incident. Regulators reportedly pressured Coupang to use the term “leak” rather than “exposure,” signaling the severity of the situation.
Implications and Future Security
The incident underscores the growing threat of cybersecurity breaches targeting large corporations and the critical importance of robust data protection measures. Lawmakers are now considering tougher penalties for data leaks and demanding greater accountability from companies handling sensitive user information.
The long delay in detecting the breach also highlights the need for improved monitoring and incident response capabilities. “. This incident serves as a stark reminder of the vulnerabilities inherent in even the most sophisticated systems and the potential consequences of failing to prioritize data security.
