Massive Data Breach at Retail Titan Coupang Affects 33.7 Million Customers

The Coupang Data Breach: What You Need to Know

Recently, South Korea’s leading retailer, Coupang, found itself at the center of a major data breach that exposed the personal information of a staggering 33.7 million customers.

The breach, which occurred on June 24, 2025, was only discovered and reported by Coupang on November 18, 2025, raising concerns about the security measures in place to protect customer data.

Coupang’s public statement revealed that unauthorized access to personal information was initially detected in the accounts of approximately 4,500 customers, but further investigation unveiled the exposure of information from 33.7 million accounts.

While the investigation is ongoing, the confirmed customer information that was exposed includes full names, phone numbers, email addresses, physical addresses, and order details. Fortunately, sensitive payment information such as credit card data and passwords remained secure and was not compromised.

Coupang, a prominent U.S.-based tech and online retail company operating in South Korea, has an extensive workforce of 95,000 employees and boasts an annual revenue exceeding $30 billion.

The company has taken swift action by reporting the breach to relevant authorities, including the National Police Agency, the Personal Information Protection Commission, and the Korea Internet & Security Agency. Affected individuals will also receive notifications via email or SMS.

Customers whose information was exposed are advised to stay vigilant against potential fraudulent activities, such as unauthorized calls, texts, or emails impersonating Coupang.

Despite the breach, Coupang has not disclosed details regarding the nature of the attack or the identity of the perpetrators. As of now, no cybercriminals have claimed responsibility for the breach.

Reports from Korean Herald’s The Investor suggest that the breach may have been orchestrated by a former employee who exploited unrevoked access tokens to access sensitive data from Coupang’s systems. However, these claims remain unverified by independent sources.

Second Cybersecurity Incident in South Korea

The Coupang data breach marks the second significant cybersecurity incident to rock South Korea this year. In April, SK Telecom, the country’s largest mobile network operator, disclosed a breach that exposed sensitive USIM data due to a malware infection affecting its networks.

SK Telecom confirmed that the malware infection, which originated three years ago in June 2022, impacted a total of 27 million subscribers, encompassing its entire customer base.

Is your Identity and Access Management (IAM) strategy strong enough to withstand modern cybersecurity threats? Learn how to build a robust IAM framework with our comprehensive guide.

Discover why traditional IAM practices fall short in today’s digital landscape, explore best practices for effective IAM implementation, and access a practical checklist for enhancing your IAM strategy.

Access the guide