South Korea is facing its biggest data breach in over ten years after Coupang, the country’s leading online shopping platform, revealed that the personal information of more than 33 million customers was stolen. The breach, which likely began on June 24, was only discovered by the company on November 18. Since then, the incident has sparked a sharp drop in Coupang’s shares and raised serious concerns about data security in the country.
Authorities are currently investigating how the breach happened. Early findings suggest that a former employee, who worked on the company’s authentication systems, misused an active access key even after leaving the company. This allowed the individual to access sensitive customer information stored on servers outside South Korea. The stolen data reportedly includes names, email addresses, phone numbers, shipping details, and some order histories. However, Coupang confirmed that payment details and login passwords were not part of the leak.
The breach has caused public outrage. Over 10,000 people have expressed their intention to join a class-action lawsuit against Coupang. Legal experts estimate that each affected person could seek compensation of at least 100,000 won, or about $68. Meanwhile, the company, backed by Japan’s SoftBank Group, is under close scrutiny as South Korean police trace IP addresses and check for technical weaknesses that might have allowed the attack.
This is not the only major data breach hitting South Korea recently. In August, SK Telecom, the country’s largest mobile network provider, faced a massive leak affecting nearly 27 million users and was fined nearly 134 billion won ($96.5 million). The South Korean government sees these incidents as signs of deep-rooted problems in how personal information is protected. Presidential chief of staff Kang Hoon-sik highlighted the need to reform the penalty system to better prevent such large-scale breaches in the future.
Despite the concerns, some analysts from J.P. Morgan believe that Coupang’s strong position in the market and the general attitude of Korean consumers toward data leaks might limit the long-term damage. Still, they warn that potential government fines and compensation payouts could cause a significant short-term financial hit.
Coupang was founded in 2010 by Bom Kim, a Korean-American entrepreneur, and has since become a dominant force in South Korea’s e-commerce scene, overtaking traditional family-owned businesses. The company has also grown into other areas like food delivery, streaming services, and financial tech.
As the investigation continues, many are watching closely to see how Coupang responds and whether this breach will lead to stronger data protection measures across South Korea.