Close Menu
Cybercrime and Ransomware

Coupang Data Breach Exposes Personal Data of 33.7 Million Customers

Staff WriterBy No Comments4 Mins Read1 Views

Summary Points

  1. Nearly 33.7 million Coupang users’ personal data, including names, contact details, and order history, was leaked due to a security breach traced back to a former employee with unrevoked access credentials.
  2. The breach, which began in June 2025 and remained undetected for months, did not impact sensitive financial information such as credit card details or passwords.
  3. The attack exploited valid cryptographic signing keys left active after the employee’s departure, highlighting a failure in Coupang’s identity and access management protocols.
  4. Regulatory fines could reach up to 1 trillion won ($680 million), making this one of the largest penalties in South Korea’s history, while the company is notifying affected users and cooperating with authorities.

Underlying Problem

Recently, Coupang, South Korea’s leading e-commerce platform, experienced a massive data breach affecting around 33.7 million users—almost their entire customer base. This incident happened because a former employee, who still had access rights, exploited unrevoked internal credentials to infiltrate the system. Although sensitive financial information like credit card numbers and passwords remained safe, personal details such as names, phone numbers, emails, addresses, and order histories were compromised. The breach started on June 24, 2025, but went unnoticed for months until abnormal activity was detected in November. An internal investigation then revealed that the attacker, believed to be the former staff member of Chinese nationality, used valid cryptographic keys that were not revoked after his departure to remotely access Coupang’s systems.

This security lapse underscores a major failure in Coupang’s identity management protocols. According to Rep. Choi Min-hee, the company failed to revoke critical keys associated with the former employee, allowing him to generate access tokens and bypass security measures. Currently, police are analyzing logs and working with international agencies to trace the attacker’s IP address. Meanwhile, Coupang has begun notifying affected customers, but the fallout could be financially devastating. Under South Korea’s data protection laws, the company risks a fine up to 1 trillion won ($680 million), which could surpass previous record penalties. Ultimately, this incident raises serious questions about cybersecurity practices and the importance of strict access controls in protecting user data.

Potential Risks

The Coupang data breach, which exposed the personal data of 33.7 million customers, illustrates how such incidents can happen to any business. When a company’s data is compromised, sensitive customer information becomes vulnerable. As a result, trust diminishes, and customers may turn away. Moreover, legal penalties and regulatory fines follow, increasing costs. Damage to reputation can be long-lasting, affecting sales and brand image. Cybercriminals often exploit security gaps, and without proper safeguards, your business becomes an easy target. Ultimately, these breaches lead to financial losses, legal troubles, and a loss of customer confidence—risks that any business must work hard to avoid.

Possible Next Steps

Timely remediation in the wake of a major data breach like the one involving Coupang is crucial to limit harm, protect customer trust, and comply with regulatory standards. Rapid action can reduce vulnerabilities, prevent further exploitation, and demonstrate an organization’s commitment to security and accountability.

Containment Measures

  • Isolate affected systems to prevent the spread of the breach.
  • Disable compromised accounts or access points.

Investigation & Analysis

  • Conduct a thorough forensic analysis to understand breach vectors.
  • Identify all compromised data and affected systems.

Notification and Communication

  • Notify impacted customers and relevant authorities promptly.
  • Provide clear guidance on protective actions customers can take.

Remediation Actions

  • Patch exploited vulnerabilities or implement stronger security controls.
  • Reset passwords and strengthen access management protocols.

Monitoring & Verification

  • Increase monitoring for suspicious activity.
  • Verify that vulnerabilities are fully addressed and no residual threats remain.

Policy & Training Updates

  • Review and revise security policies as needed.
  • Train staff on new security practices and breach response procedures.

Continue Your Cyber Journey

Explore career growth and education via Careers & Learning, or dive into Compliance essentials.

Explore engineering-led approaches to digital security at IEEE Cybersecurity.

Disclaimer: The information provided may not always be accurate or up to date. Please do your own research, as the cybersecurity landscape evolves rapidly. Intended for secondary references purposes only.

Cyberattacks-V1cyberattack-v1-multisource

Share.
Avatar photo

John Marcelli is a staff writer for the CISO Brief, with a passion for exploring and writing about the ever-evolving world of technology. From emerging trends to in-depth reviews of the latest gadgets, John stays at the forefront of innovation, delivering engaging content that informs and inspires readers. When he's not writing, he enjoys experimenting with new tech tools and diving into the digital landscape.

Related Posts

Comments are closed.