Coupang Suffers One of South Korea’s Largest Data Breaches—And the Suspect May Be a Former Employee

South Korea’s dominant e-commerce engine, Coupang, has confirmed a sprawling data breach that exposed the personal information of nearly 34 million customers—a staggering incident that appears to have unfolded quietly for more than five months before being detected.


The company initially believed that only a few thousand users had been affected when anomalous access was spotted on November 18. But as investigators dug deeper, a far broader compromise emerged: names, emails, phone numbers, addresses, and fragments of order histories belonging to almost the entire customer base in South Korea had been siphoned off through a long-running intrusion that began in June.


Coupang says financial data, passwords, and payment details were not exposed, but the spill still ranks among the largest privacy incidents in the country’s history. Regulators at the Korea Internet & Security Agency (KISA), the Personal Information Protection Commission (PIPC), and the National Police Agency have been notified, and forensic efforts are still underway.


A Breach With Global Reach—But Local Impact


Despite Coupang’s international footprint—including its Taiwan marketplace and Rocket Now food-delivery service in Japan—the company says the investigation has found no evidence that customer data outside South Korea was compromised.


What investigators have uncovered, according to local media, is a troubling early lead: police have identified a suspect believed to be a former Chinese employee who allegedly accessed Coupang systems from overseas. The breach reportedly exploited existing access tokens, suggesting the attacker leveraged legitimate—but improperly retired—credentials to quietly retrieve data at scale.


Coupang has since shut down the access pathway and engaged an independent security firm to reconstruct the incident timeline and evaluate systemic weaknesses.


Identity: The Soft Underbelly of Modern Retail


With tens of millions of customers relying on Coupang much like Americans rely on Amazon, the incident underscores a glaring reality: when a single platform becomes the default marketplace for a nation, it also becomes a massive, singular point of risk.


Steve Cobb, Chief Information Security Officer at SecurityScorecard, says the breach magnifies how fragile identity governance can be in high-volume commerce ecosystems.


"Coupang’s breach is a reminder of what happens when one retail platform becomes the go-to hub for an entire country’s shopping needs. With tens of millions of customer records tied to names, addresses, and order histories, the company effectively holds a national dataset. That scale of responsibility requires security controls that are as resilient as the amount of sensitive information being managed."

The suspected misuse of leftover employee privileges is likely to spark scrutiny across the industry. Retailers typically manage sprawling networks of delivery partners, third-party vendors, seasonal workers, and automation tools—all of which require controlled, auditable access.


"Reports indicate that a former employee exploited lingering access tokens to extract data, underscoring how identity and access management gaps can quickly spiral into major exposure," Cobb noted. "For a company operating at Coupang’s size, access governance isn’t just a back-office process, it’s a frontline defense. Credentials need to be revoked the moment roles change, and continuous validation must ensure that no dormant accounts remain exploitable."

A Global Retail Warning Shot—Just Before Peak Shopping Season


The breach arrives as retailers worldwide prepare for their busiest—and most targeted—time of year. Attackers routinely exploit the holiday rush when systems run hot, fraud monitoring stretches thin, and organizations are least able to afford downtime.


Cobb warns that what happened in Seoul should not be viewed in isolation.


"This breach isn’t an isolated incident. In the UK alone, several major retail chains and e-commerce providers have recently reported breaches involving payment data, loyalty accounts, and customer identity information. Especially with the retail holiday season upon us, vendor and employee access management must be elevated to the same standard as internal security controls. Continuous monitoring, real-time validation of partner and employee access, and rapid incident response are essential safeguards. Without them, even one overlooked credential or weak external link can put millions of customers at risk and erode trust in the brand."

A Familiar Pattern in South Korea


This year alone, South Korea has faced multiple high-profile cybersecurity incidents, and Coupang itself has a history of previous leaks—including events in 2020, 2021, and a 2023 seller-system breach impacting more than 22,000 users. The recurrence is likely to intensify regulatory pressure on e-commerce platforms to adopt stronger, continuous access controls and more aggressive anomaly detection.


For now, the company is attempting to reassure customers that the storm is contained. But with tens of millions of Koreans depending on Coupang for near-daily essentials, the breach will almost certainly renew debate about what level of security oversight consumers can—and should—expect from the single platform that underpins so much of the country’s digital commerce.
