- Coupang breach exposed PII of 33 million customers, sparking watchdog inquiries and lawsuits
- Data stolen includes names, contacts, addresses and orders; passwords and payment information unaffected
- Attack linked to former employee’s active account; 10,000+ join class action seeking compensation
Coupang, widely considered to be the largest e-commerce store in South Korea, has confirmed that it suffered a devastating cyber attack in which it lost the personally identifiable information (PII) of 33 million customers.
This appears to be one of the biggest data breaches in the company’s (and the country’s) recent history, prompting inquiries about data watchdogs, an official apology from the CEO and a possible class action lawsuit.
On Sunday, November 30, Coupang CEO Park Dae-joon published a letter on the company’s website explaining what had happened and apologizing for the incident. According to the letter, the attack started on June 24, 2025, but was only discovered recently.
Sorry, sorry
During the intrusion, which lasted “until recently,” the unnamed threat actors exfiltrated people’s names, emails, phone numbers, shipping addresses and specific order information.
While this is more than enough for identity theft or phishing, Dae-joon emphasized that login account information (including customer passwords), payment information, or credit card information was not stolen.
In the letter, which is about ten sentences long, Park Dae-joon apologized three times.
“Coupang will do its best to prevent further damage in close cooperation with the Ministry of Science and ICT, the Personal Information Protection Commission, the Korea Internet & Security Agency, the National Police Agency and other public-private joint investigation teams,” he added.
At the same time, Pakinomist states that 33 million people are affected, and that it may be a question of a former employee of Chinese origin. The agency quoted broadcaster JTBC as saying this was the result of an internal investigation. Allegedly, the employee’s account was not terminated even after they left the company and was later used for data exfiltration.
Pakinomist also said more than 10,000 people have already expressed interest in joining a class action against the retailer, which could see them pay $68 per person for their losses.
Via Pakinomist
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
