Korea’s Coupang says data breach exposed nearly 34M customers’ personal information

South Korean e-commerce platform Coupang over the weekend stated almost 34 million Korean prospects’ private data had been leaked in a knowledge breach that had been ongoing for greater than 5 months.

The corporate stated it first detected the unauthorized publicity of 4,500 person accounts on November 18, however a subsequent investigation revealed that the breach had truly compromised about 33.7 million buyer accounts in South Korea.

The breach affected prospects’ names, e mail addresses, cellphone numbers, delivery addresses and sure order histories, per Coupang. Extra delicate knowledge like cost data, bank card numbers, and login credentials was not compromised and stays safe, the corporate stated.

Coupang stated it has reported the incident to the Korea Web Safety Company (KISA), the Private Data Safety Fee (PIPC), and the Nationwide Police Company.

One in all South Korea’s greatest e-commerce platforms, Coupang additionally gives a quick-commerce service known as “Rocket Supply” within the nation, and in addition operates its market in Japan and Taiwan. A Coupang spokesperson advised TechCrunch that the investigation has discovered no proof that client knowledge from Coupang Taiwan or Rocket Now was affected within the knowledge breach.

“In keeping with the investigation thus far, it’s believed that unauthorized entry to private data started on June 24, 2025, by way of abroad servers,” the corporate stated. “Coupang blocked the unauthorized entry route, strengthened inside monitoring, and retained specialists from a number one impartial safety agency.”

Police have reportedly recognized a minimum of one suspect, a former Chinese language Coupang worker now overseas, after launching an investigation following a November 18 grievance.

That is the newest in a string of cybersecurity incidents in South Korea this yr. Coupang itself has suffered a number of knowledge breaches which have exposed customer and delivery drivers’ information in earlier years. Previous incidents included leaks between 2020 and 2021, and most not too long ago in December 2023, when its vendor administration system compromised the private data of greater than 22,000 prospects.