Coupang’s Massive Data Leak Exposes 33.7 Million Customers

30 November 2025

The online marketplace Coupang widely regarded as South Korea’s answer to Amazon has issued a public apology after revealing that data tied to 33.7 million customer accounts was exposed in what is now being described as one of the worst security failures in the country’s e-commerce history.

In a sober statement shared on November 30, 2025, CEO Park Dae-jun acknowledged the breach and expressed regret for any distress caused to users. He affirmed that the company is cooperating fully with law enforcement and regulatory bodies as investigations proceed.

Coupang says it discovered the unauthorized access on November 18. But internal logs suggest the intrusion may have started as far back as June 24. Records show a breach originating from overseas servers granted outsiders access to customer data. The compromised information includes customers’ names, email addresses, phone numbers, shipping addresses, and parts of their order history. Importantly according to the company payment information and login credentials were not exposed.

The scale of the breach has stunned observers. With nearly 34 million accounts affected roughly matching the country’s adult population, the fallout could be massive. For many, routine orders, account activity and personal details are now potentially in the hands of strangers.

Authorities already suspect a former employee reportedly Chinese who may have continued to access the system illegally after leaving the firm. Investigators believe the ex-employee exploited a still-active authentication key to breach user data.

Meanwhile, the technical failures have drawn sharp criticism. Officials from the Ministry of Science and ICT have confirmed that an emergency government meeting was called to assess whether Coupang violated data-protection laws and to determine whether the company’s cybersecurity protocols were sufficient.

The breach has triggered warnings from the Korea Internet & Security Agency urging affected users to watch out for phishing scams or suspicious messages, a common tactic used when hackers exploit leaked personal data.

A wave of concern is sweeping through the user base. Many are scrambling to change email passwords, monitor banking and delivery notifications, and remain alert for unusual activity. For some, this leak threatens to upend years of online history with a retailer many considered reliable.

Coupang’s data breach adds to a growing trend of high-profile leaks in South Korea’s corporate sector. Only months ago, a similar breach struck a major telecom operator, eroding public trust in corporate data stewardship.

Wider implications are now emerging. Analysts warn that this incident could reshape consumer behavior in South Korea, driving demand for stronger privacy protections and legislation. Others suggest a surge in lawsuits. Already, local media reports that over 10,000 users are considering joining a class-action suit against Coupang, seeking compensation per affected account.

For Coupang, the damage extends beyond user trust. Its stock dropped roughly nine percent in pre-market trading after the breach announcement, a clear financial blow reflecting shaken investor confidence.

At its core, this breach raises fundamental questions about the nature of trust in the digital age. When consumers click “buy now,” they expect infrastructure, convenience, and above all protection of their personal data. The collapse of that promise erodes not just company reputation but confidence in the system itself.

Experts warn that data leaks such as this one could have ripple effects from identity theft and phishing scams to wider social distrust in e-commerce platforms. There is growing pressure on regulators to enforce stricter data security standards and to hold companies accountable for lapses.

For millions of users, the incident is a wake-up call. It underscores the fragility of modern convenience and the hidden costs behind rapid delivery, one-click purchases, and vast digital footprints. The convenience of ordering groceries, clothing, and electronics also comes with responsibility and sometimes, risk.

As investigations continue and potential legal action looms, one thing is clear: this breach may mark a turning point for data security in South Korea and beyond. The question is whether it will lead to meaningful change or simply become another footnote in the growing story of corporate data failure.