Insider Threat: Former Employee’s Access Leads to Coupang Data Breach

Data Breach at Coupang Exposes Information of 33.7 Million Customers

A significant data breach at Coupang, South Korea’s largest online retailer, has resulted in the exposure of personal information belonging to 33.7 million customers. The breach has been linked to a former employee who retained access to internal systems even after leaving the company.

The Seoul Metropolitan Police Agency revealed this information to local news outlets after conducting an investigation that included a raid on Coupang’s offices. The breach, which occurred on June 24, 2025, was only discovered by the company on November 18, prompting an internal investigation.

Coupang, with a workforce of 95,000 employees and annual revenue exceeding $30 billion, announced the breach on December 1, 2025. The exposed data includes names, email addresses, physical addresses, and order information of the affected customers.

Despite Coupang’s assurance that the stolen information had not been leaked online, the police conducted a raid on the company’s offices to gather evidence for an independent investigation. Subsequently, the CEO, Park Dae-Jun, resigned and apologized to the public for failing to prevent the cybersecurity breach.

The primary suspect in the data breach is reported to be a 43-year-old Chinese national who was a former employee of Coupang. The individual, who worked at the company from November 2022 to 2024, is believed to have left the country. The police have been collecting evidence, including internal documents and system records, to determine how the suspect gained unauthorized access to the corporate systems.

As the investigation unfolds, Coupang faces the possibility of legal repercussions if negligence or other violations are uncovered. The incident has led to a surge in phishing activities in South Korea, with many instances of Coupang impersonation reported to the authorities.

See also  Secure Your Cloud Data: Utilize Microsoft 365 Access Reviews to Prevent Leaks

The police have emphasized that Coupang is considered the victim in this case, but any negligence on the part of the company or its employees responsible for customer data protection may lead to legal consequences. Meanwhile, the incident has triggered a wave of phishing attempts affecting a large portion of the population in South Korea.

Enhance your IAM strategy to safeguard your business from potential threats. Learn how modern IAM practices can address security challenges effectively.

Discover what constitutes effective IAM, understand the shortcomings of traditional approaches, and access a comprehensive guide to building a scalable IAM strategy.

Access the Guide