In the latest data breach incident, Coupang, a prominent South Korean Retailer, has acknowledged a massive data breach that exposed the personal information of 33.7 million customers in South Korea over a period of five months.
This incident first came to light on November 18, 2025 when the company noticed unusual access to about 4,500 customer accounts. Investigation started and they realized that the breach was far bigger. It was found that attackers were active since June 24 through overseas servers.
The stolen PII data includes customer names, phone numbers, email addresses, delivery addresses, and order history. Coupang stressed that payment information and login passwords were not touched, so users don’t need to reset credentials or take any immediate action.
The company says it quickly blocked the unauthorized access, tightened its internal monitoring, and alerted several Korean authorities, including the Ministry of Science and ICT and the Korea Internet Security Agency. Coupang will notify everyone affected by email or text.
In an online apology, CEO Park Dae-Joon said the company takes customer data protection “extremely seriously” and promised stronger safeguards going forward.
Coupang did not share details about who carried out the attack or how they broke in, but Korean media reports suggest that investigators are focusing on a former employee, a Chinese national who has already left the country.
Although best known as a major retailer in South Korea, Coupang is a global technology company incorporated in Delaware and operates in over 190 countries and territories.
