Coupang, South Korea's leading e-commerce platform, recently disclosed a data breach affecting 33.7 million customer accounts which is equivalent to nearly two-thirds of the Korean population.
This represents the largest e-commerce security incident in South Korea's history and could result in fines of up to $900 million (approximately 1.2 trillion KRW).
This breach exposed vulnerabilities in data protection systems, particularly for e-commerce platforms that handle sensitive data including transaction histories, delivery addresses, and payment methods.
The scale of the incident has raised concerns among customers and industry observers.
Unauthorized Access Undetected for Five Months
On November 29, Coupang confirmed the unauthorized exposure of user names, phone numbers, email addresses, delivery address books, and purchase details.
While the company detected unusual access on November 6 at 6:38 PM KST, it did not fully identify the breach until November 18 at 10:52 PM which is more than 12 days later.
Investigations revealed that attackers had accessed customer data via overseas servers for nearly five months, from June 24 to November 8.
A former Coupang employee has been identified as a prime suspect. The individual had access to authentication services and retained access keys post-resignation, enabling the breach.
Data Not Legally Required to Be Encrypted
... continue reading