- The Coupang breach exposed the PII of 33 million customers, prompting investigations and lawsuits from watchdogs.
- The stolen data includes names, contacts, addresses and orders; passwords and payment information are not affected
- Attack linked to active account of former employee; More than 10,000 people join class-action lawsuit seeking compensation
Coupang, considered the largest e-commerce store in South Korea, confirmed that it suffered a devastating cyberattack in which it lost personally identifiable information (PII) of 33 million customers.
This appears to be one of the largest data breaches in the company’s (and country’s) recent history, prompting investigations from data watchdogs, an official apology from the CEO, and a potential class-action lawsuit.
On Sunday, November 30, Coupang CEO Park Dae-joon posted a letter on the company’s website explaining what happened and apologizing for the incident. According to the letter, the attack began on June 24, 2025, but was detected recently.
Apologies, excuses.
During the intrusion, which lasted “until recently,” anonymous threat actors exfiltrated people’s names, emails, phone numbers, shipping addresses, and specific order information.
While this is more than enough for identity theft or phishing, Dae-joon emphasized that login account information (including customer passwords), payment information or credit card information was not stolen.
In the letter, which is approximately ten sentences long, Park Dae-joon apologized three times.
“Coupang will do its best to prevent further damage in close cooperation with the Ministry of Science and ICT, the Personal Information Protection Commission, the Korea Internet and Security Agency, the National Police Agency and other joint public-private investigation teams,” he added.
At the same time, PakGazette reports that 33 million people are affected and that this may have been the work of a former employee of Chinese origin. The agency cited broadcaster JTBC and said this was the result of an internal investigation. The employee’s account was allegedly not canceled even after they left the company and was later used for the data breach.
PakGazette also said that more than 10,000 people have already expressed interest in joining a class-action lawsuit against the retailer, which could see them pay $68 per person for their loss.
Through PakGazette
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
