South Korean e-commerce giant Coupang revealed that personal information of nearly 34 million customers in South Korea was exposed in a data breach that lasted more than five months.
The company initially detected unauthorized access to about 4,500 user accounts on November 18, 2025. However, a deeper investigation showed that the breach actually affected around 33.7 million customer accounts.
Exposed data includes customers’ names, email addresses, phone numbers, shipping addresses, and some order histories. Coupang confirmed that more sensitive information, such as payment details, credit card numbers, and login credentials, was not affected and remains secure.
Coupang has reported the incident to the Korea Internet Security Agency (KISA), the Personal Information Protection Commission (PIPC), and the National Police Agency.
The e-commerce platform, known for its “Rocket Delivery” service, also operates in Japan and Taiwan. A company spokesperson told TechCrunch that the investigation found no evidence of data being compromised in Coupang Taiwan or Rocket Now.
Coupang believes the unauthorized access began on June 24, 2025, through overseas servers. The company has blocked the access route, strengthened internal monitoring, and engaged experts from a leading independent security firm.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Police have identified at least one suspect, a former Chinese Coupang employee now abroad, following an investigation triggered by the November 18 complaint.
