Coupang Apologizes After Data Breach Exposes 33.7 Million Customer Records

South Korea's largest e-commerce company, Coupang, has apologized after disclosing a data breach that exposed personal information for about 33.7 million customer accounts registered in South Korea. The company operates its global headquarters from Seattle.

The compromised information includes customers' names, email addresses, phone numbers, shipping addresses and portions of order histories. Coupang said payment card numbers, login credentials and other highly sensitive payment details were not affected.

"We express regret over the recent incident ... we apologize for causing inconvenience and concern," Coupang CEO Park Dae-jun said in the company's statement.

According to Coupang, unauthorized access appears to have begun on June 24 via overseas servers and was discovered in November. Investigators suspect the breach may have been carried out by a former employee. Coupang said it blocked the access route, strengthened internal monitoring and retained experts from an independent security firm to assist the investigation.

The company initially detected the issue after finding 4,500 exposed user accounts. A deeper investigation later determined that 33.7 million accounts had been affected — all registered in South Korea.

Cooperation and next steps

Coupang said it is working closely with multiple government and industry bodies, including the Ministry of Science and ICT, the Personal Information Protection Commission, the Korea Internet & Security Agency and the National Police Agency, along with public-private investigation teams. The company also said it is reviewing changes to its data security systems to better protect customer information.

Customers are advised to review their account activity, be alert for phishing attempts, and follow any guidance from Coupang. While the company maintains sensitive payment details were not exposed, monitoring financial statements and changing account passwords are prudent steps.

This is not the first time Coupang has faced data security issues; the company previously disclosed a breach affecting roughly 460,000 customers. The investigation into the current incident is ongoing.