US-listed ecommerce giant Coupang (NYSE: CPNG), one of South Korea’s largest online retailers, has disclosed a five-month-long data breach involving the personal information of 33.7 million customers in Korea.
The incident, the company says, came to light on November 18, when it “became aware of unauthorized personal data access” to roughly 4,500 customer accounts.
“Subsequent investigation has revealed that the extent of customer account exposure is about 33.7 million accounts, all in Korea,” a Coupang spokesperson told SecurityWeek.
The company has revealed that a threat actor gained access to customers’ personal information on June 24, 2025, “via overseas servers”.
Coupang says it immediately blocked the unauthorized access, improved internal monitoring, and notified the relevant authorities in Korea, including the Ministry of Science and ICT, the Personal Information Protection Commission, the Korea Internet Security Agency, and the National Police Agency.
During the five-month window, the threat actors accessed customer names, email addresses, shipping addresses, phone numbers, and order history.
“No payment details, credit card numbers, or login credentials were exposed so no account action is required from Coupang users at this time,” the company said.
In an incident notice on its website, the company said it would notify all affected individuals via email or text message.
“Protecting all customer information is Coupang’s top priority. Coupang takes this obligation very seriously and maintains comprehensive data protection and security measures and processes,” Coupang CEO Park Dae-Joon said in an apology message.
What the company did not say was who was responsible for the data breach or how the intruders gained access to its systems.
According to Yonhap News Agency, a former Coupang employee is the main suspect in the investigation. The individual, a Chinese national, has reportedly left the country.
While it is mainly known in South Korea, Coupang is a technology and Fortune 150 company incorporated in Delaware that operates in 190 countries and territories globally.
Related: Asahi Data Breach Impacts 2 Million Individuals
Related: Spanish Airline Iberia Notifies Customers of Data Breach
Related: 146,000 Impacted by Delta Dental of Virginia Data Breach
Related: Alumni, Student, and Staff Information Stolen From Harvard University
