A masked hacker wearing a beanie operates a laptop,surrounded by a digital HUD interface with binary code, graphs, and a world map.The scene represents cybersecurity threats,hacking and data breaches.
Coupang, South Korea’s leading e-commerce platform, has confirmed a major data breach that has compromised the personally identifiable information (PII) of over 33 million customers. This incident, one of the largest data breaches in the company’s history, has prompted investigations by regulatory authorities, a public apology from the CEO, and the potential for a class-action lawsuit.
The breach was first detected on June 24, 2025, but details of the incident have only recently come to light. In a letter posted on the company’s website on November 30, 2025, Coupang’s CEO, Park Dae-joon, expressed regret over the situation and outlined the nature of the attack. According to the letter, hackers accessed sensitive data including names, email addresses, phone numbers, shipping addresses, and order histories.
Despite the severity of the breach, Park emphasized that login credentials, payment information, and credit card details were not compromised. This aspect is crucial in mitigating the potential for identity theft, which often arises from such data breaches.
Details of the Intrusion
The cyberattack is believed to have been executed by individuals connected to a former employee. Reports suggest that the employee’s account remained active even after their departure, allowing unauthorized access to the company’s systems. As the Reuters news agency reported, this breach has raised significant concerns among customers and regulators alike.
Park Dae-joon’s letter included multiple apologies, reflecting the gravity of the situation. He stated, “Coupang will do its best to prevent further damage in close cooperation with the Ministry of Science and ICT, the Personal Information Protection Commission, and the National Police Agency.” This cooperation is intended to ensure that measures are taken to enhance data security and prevent future incidents.
The breach has ignited outrage among customers, with more than 10,000 individuals indicating their intent to participate in a class-action lawsuit against Coupang. Each participant could potentially receive $68 in compensation for the incident, highlighting the financial impact this breach may have on the company.
Regulatory Response and Future Implications
The incident has drawn scrutiny from various watchdog organizations, instigating inquiries into Coupang’s data protection practices. As the e-commerce giant continues to assess the fallout, it faces the challenge of restoring customer trust while navigating the legal ramifications of the breach.
Coupang’s prominence in South Korea’s retail market makes this incident particularly significant, both for the company and for the broader e-commerce landscape. As the situation unfolds, stakeholders will be closely monitoring Coupang’s response and the effectiveness of its measures to enhance cybersecurity.
This breach serves as a stark reminder of the vulnerabilities inherent in digital commerce and the critical importance of robust data protection protocols. As companies increasingly rely on technology for business operations, the need for stringent cybersecurity measures has never been more pressing.
