A data breach at Coupang that exposed the information of 33.7 million customers has been tied to a former employee who retained access to internal systems after leaving the company.
This was shared by the Seoul Metropolitan Police Agency with local news outlets, following an investigation that included a raid on the firm's offices earlier this week.
Coupang is South Korea's largest online retailer, employing 95,000 people and generating annual revenue of over $30 billion.
On December 1, 2025, the company announced that it had suffered a data breach that exposed the personal data of 33.7 million customers, including names, email addresses, physical addresses, and order information.
The breach occurred on June 24, 2025, but Coupang only discovered it on November 18, when it also launched an internal investigation.
On December 6, Coupang published an update on the incident, assuring its customers that the stolen information had not been leaked anywhere online.
Despite these assurances and the company's claimed full collaboration with the authorities, the police raided the company's offices on Tuesday to collect evidence for an independent investigation.
On Wednesday, the company's CEO, Park Dae-Jun, announced his resignation and apologized to the public for failing to stop what is the country's worst cybersecurity breach in history.
As the police continued their investigations in Coupang's offices for a second day, they uncovered that the primary suspect was a 43-year-old Chinese national who was a former employee of the retail giant.
According to JoongAng, the man, who joined Coupang in November 2022, was assigned to an authentication management system and left the firm in 2024. He is believed to have already left the country.
... continue reading