Data Breaches

Personal Information of 33.7 Million Stolen From Coupang

Names, addresses, email addresses, and phone numbers were compromised in a five-month-long data breach.

Coupang data breach

US-listed ecommerce giant Coupang (NYSE: CPNG), one of South Korea’s largest online retailers, has disclosed a five-month-long data breach involving the personal information of 33.7 million customers in Korea.

The incident, the company says, came to light on November 18, when it “became aware of unauthorized personal data access” to roughly 4,500 customer accounts.

“Subsequent investigation has revealed that the extent of customer account exposure is about 33.7 million accounts, all in Korea,” a Coupang spokesperson told SecurityWeek.

The company has revealed that a threat actor gained access to customers’ personal information on June 24, 2025, “via overseas servers”.

Coupang says it immediately blocked the unauthorized access, improved internal monitoring, and notified the relevant authorities in Korea, including the Ministry of Science and ICT, the Personal Information Protection Commission, the Korea Internet Security Agency, and the National Police Agency.

During the five-month window, the threat actors accessed customer names, email addresses, shipping addresses, phone numbers, and order history.

Advertisement. Scroll to continue reading.

“No payment details, credit card numbers, or login credentials were exposed so no account action is required from Coupang users at this time,” the company said.

In an incident notice on its website, the company said it would notify all affected individuals via email or text message.

“Protecting all customer information is Coupang’s top priority. Coupang takes this obligation very seriously and maintains comprehensive data protection and security measures and processes,” Coupang CEO Park Dae-Joon said in an apology message.

What the company did not say was who was responsible for the data breach or how the intruders gained access to its systems.

According to Yonhap News Agency, a former Coupang employee is the main suspect in the investigation. The individual, a Chinese national, has reportedly left the country.

While it is mainly known in South Korea, Coupang is a technology and Fortune 150 company incorporated in Delaware that operates in 190 countries and territories globally.

Related: Asahi Data Breach Impacts 2 Million Individuals

Related: Spanish Airline Iberia Notifies Customers of Data Breach

Related: 146,000 Impacted by Delta Dental of Virginia Data Breach

Related: Alumni, Student, and Staff Information Stolen From Harvard University

Related Content

Cybercrime

The D1R cybercrime group claimed to have stolen valuable data from Synopsys and Bosch, threatening to leak it unless a ransom is paid. 

Data Breaches

The WorldLeaks extortion group claimed to have stolen 720 GB of data from the healthcare testing and laboratory services provider.

Data Breaches

Hackers exploited a zero-day vulnerability in a third-party system to access a KDDI email system for ISPs.

Data Breaches

Hackers accessed the institution’s internal network and deleted two drives containing employee, student, and university data.

Data Breaches

The professional services giant says it contained the incident, remediated its source, and experienced no operational or service delivery impact.

Cybercrime

In April, ShinyHunters accessed the company’s corporate IT systems and stole patients’ personal and medical information.

Data Breaches

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.

Data Breaches

Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version