South Korean e-commerce giant Coupang has revealed a massive data breach that exposed the personal information of nearly 34 million customers, marking one of the largest cybersecurity incidents in the country this year.
The company initially discovered unauthorized access affecting 4,500 user accounts on November 18. However, a deeper investigation uncovered that around 33.7 million customer accounts in South Korea had been compromised over a period spanning more than five months.
Related: South Korea’s Bone AI Pushes Into “Physical AI” With $12M Seed And Bold Defense Ambitions
According to Coupang, the leaked information includes customers’ names, email addresses, phone numbers, shipping addresses and portions of their order history. The company emphasized that sensitive data such as payment details, credit card numbers and login credentials were not affected.
Coupang has since reported the breach to the Korea Internet Security Agency (KISA), the Personal Information Protection Commission (PIPC) and the National Police Agency. The company also confirmed that customers in other markets, including Taiwan and Japan, were not impacted.
“According to the investigation so far, it is believed that unauthorized access to personal information began on June 24, 2025, via overseas servers,” Coupang said. The company added that it has blocked the intrusion path, enhanced internal monitoring and brought in external security experts to support the investigation.
Authorities have reportedly identified at least one suspect: a former Chinese employee of Coupang who is currently abroad. The investigation was launched following a formal complaint filed on November 18.
This incident adds to a growing list of cybersecurity breaches in South Korea this year. Coupang itself has experienced multiple data leaks in the past, including incidents between 2020 and 2021 and another in late 2023 that exposed the data of more than 22,000 customers through its seller management system.
