Massive Payout: Coupang to Distribute $1.17 Billion to 33.7 Million Data Breach Victims

Coupang Announces $1.17 Billion Compensation for Data Breach Victims

South Korea’s leading retailer, Coupang, has unveiled a groundbreaking measure to compensate 33.7 million customers affected by a recent data breach. The company has allocated a total of $1.17 billion (1.685 trillion Won) for those impacted by the security incident, which was brought to light last month.

The compensation package will be rolled out gradually, commencing on January 15, 2026, and will be extended to all Coupang customers, including both WOW and non-WOW members, as well as individuals who have terminated their memberships.

As part of the compensation plan, each customer will receive four single-use purchase vouchers totaling 50,000 won (approximately $34). These vouchers can be redeemed across various Coupang products and services, such as Rocket Delivery, Rocket Overseas, Seller Rocket, Marketplace, Coupang Eats, Coupang Travel products, and R.LUX products.

Coupang’s initiative aims to rebuild customer trust following the data breach incident, which was discovered in mid-November but originated on June 24. The breach, considered one of the most severe in South Korea’s history, exposed sensitive information including names, email addresses, physical addresses, and order details of 33.7 million individuals.

The investigation into the breach has led to the identification of a 43-year-old Chinese national who previously worked in Coupang’s IT department between November 2022 and 2024. The suspect is believed to be the primary perpetrator behind the breach and is currently under police scrutiny.

Recent developments from Coupang reveal that the company has successfully retrieved the suspect’s desktop computer’s hard drives, containing the compromised data. Additionally, a MacBook Air laptop belonging to the suspect was recovered from a river, where it had been disposed of in an attempt to destroy evidence.

Collaborating with investigative firms such as Mandiant, Palo Alto Networks, and Ernst & Young, Coupang has determined that the perpetrator accessed data from 33 million accounts but retained information from only 3,000 of them. Fortunately, there is no evidence to suggest that the suspect transferred or disseminated this data to external parties.

Coupang reassures customers that the compromised data has been securely deleted by the former employee and has not been shared with any unauthorized individuals. The company continues to cooperate with authorities to ensure the incident is thoroughly investigated and resolved.

Enhancing IAM Practices for Better Security

Improving Identity and Access Management (IAM) is crucial for maintaining robust security measures across your organization. Learn how to enhance your IAM strategy with our comprehensive guide.

Discover why traditional IAM methods may fall short in today’s digital landscape, explore best practices for effective IAM implementation, and access a practical checklist for developing a scalable IAM framework.

Access the guide