CEO Expresses Regret; Government Investigates Possible Safety Rule Violations; Names, Emails, Phone Numbers, and Shipping Addresses Exposed
Seoul – South Korea’s largest online retailer, Coupang, publicly apologized on Sunday after the personal information of 33.7 million customer accounts was compromised in a massive data breach. In a statement posted on the company’s website, CEO Park Dae-jun said, “We sincerely apologize once again for the inconvenience caused to our customers.” Often referred to as the “Amazon of South Korea,” Coupang is widely used across the country, particularly for its fast Rocket delivery service.
The company reported that it first detected the breach on November 18 and immediately informed the authorities. Coupang said it is cooperating fully with law enforcement and regulatory agencies. According to the company, it had 24.7 million active commercial users in the third quarter of 2025.
FCRF Launches Flagship Compliance Certification (GRCP) as India Faces a New Era of Digital Regulation
Security analysts estimate that if the average value of each affected customer’s personal and transactional data is 10,000 to 15,000 INR, the total financial impact of the breach could reach approximately INR 3,370 crore.
Method of Breach and Exposed Data
Coupang confirmed that the breach involved customers’ names, email addresses, phone numbers, shipping addresses, and certain order histories. Payment details and login credentials were not affected, the company clarified. Unauthorized access reportedly began on June 24, via overseas servers.
According to Yonhap News Agency, a former Chinese employee of Coupang is suspected of involvement in the breach. The company has filed a complaint with local police, and authorities are actively investigating.
Government Response and Regulatory Review
The South Korean government held an emergency meeting on Sunday to assess whether Coupang had violated personal information protection regulations. Science and ICT Minister Bae Kyung-hoon told the media that relevant authorities are reviewing the matter thoroughly.
The government also issued a public advisory, warning affected users to remain vigilant against phishing scams and suspicious communications.
Rising Data Breaches in South Korea
This incident marks another in a series of data leaks affecting major South Korean companies. In recent years, telecom giant SK Telecom and others have also experienced breaches. Experts attribute the increasing frequency to inadequate digital security measures and reliance on overseas servers.
Lessons for Consumers and Corporates
Security experts advise consumers to use strong passwords, enable two-factor authentication, and remain cautious of suspicious emails or links. Companies are urged to invest in data encryption, regular security audits, and employee cybersecurity training.
Coupang’s CEO added that the company will implement additional protective measures to safeguard customers and prevent future incidents.
Impact and Future Steps
The breach not only exposed sensitive customer data but also raised questions about security standards in South Korea’s e-commerce and digital payment sectors. Analysts note that, if evaluated in financial terms, the breach could result in losses of around INR 3,370 crore.
Coupang continues to work with authorities, and the government and regulatory agencies are expected to release a comprehensive report with recommendations in the near future.
