0
A text message notification sent by Coupang to customers informing them of the personal data breach is shown on November 30. / Source: Yonhap News

A massive security breach at Coupang, South Korea’s largest e-commerce platform, has exposed personal information from approximately 33.7 million user accounts over a period of five months. The scale surpasses the 23.24 million-person data leak at SK Telecom, previously the largest such incident on record.

Coupang said on November 30 that it confirmed the breach the previous day and immediately notified the Ministry of Science and ICT, the Personal Information Protection Commission and other relevant authorities. Affected customers were also alerted without delay.

The unauthorized transfer of customer data is believed to have taken place through overseas servers starting around June 24. Exposed information includes names, email addresses, phone numbers, delivery addresses and certain order details. The company stressed that no payment information, credit-card data or login credentials were compromised.

The Ministry of Science and ICT announced the launch of a government–private joint investigation team to conduct a thorough probe. The team will examine how the large-scale leak occurred, assess whether additional harm was done to consumers, and devise measures to prevent similar breaches in the future.

Earlier, Coupang identified a smaller breach affecting around 4,500 people on November 18 and reported it to authorities. On November 25, the company also filed a complaint with the Seoul Metropolitan Police Agency’s cybercrime unit. The leaked data is believed to have been taken by a former Coupang employee of Chinese nationality.

Before entering a meeting of the joint investigation team at the Seoul Government Complex on November 30, Coupang CEO Park Dae-joon bowed deeply for nearly 10 seconds in apology. “We sincerely apologize to Coupang customers and the public for causing concern through this incident,” he said.