Coupang to pay almost $1.2 billion in compensation for data breach

News
By published

Not everyone is happy with the settlement

Representational image of a cybercriminal
Image Credit: Pixabay (Image credit: Pixabay)
  • Coupang breach exposed data of 33.7M customers, one of South Korea’s largest cyberattacks
  • Company offers $35 vouchers as compensation, usable only on Coupang services
  • Lawmakers and consumer groups criticize settlement as marketing, police launch investigation

In South Korea, people’s personal information is worth roughly the same as a meal in a sit-down restaurant - around $35. Or at least, that's what the latest data breach settlement suggests.

South Korean e-commerce behemoth Coupang announced it would settle with 33.7 million customers whose data it lost in a recent cyberattack. In November 2025, an unnamed threat actor broke into Coupang’s IT infrastructure and exfiltrated people’s names, emails, phone numbers, shipping addresses, and specific order information.

The attack is widely considered as among the biggest ones in the country’s history, triggering law enforcement investigations, and threats of class-action lawsuits.

A "ridiculous" idea

Now, Coupang announced a compensation deal worth 1.69 trillion won, or roughly $1.18 billion. As per the deal, each customer will get a voucher for 50,000 won, which converts to $34.6 at press time. Funny enough, the vouchers can only be spent at Coupang, meaning that after removing any margins, the cost to the company will be even lower.

This angered some lawmakers in the country even more. Reuters reports that Choi Min-hee, a lawmaker of the ruling Democratic Party and chair of the National Assembly's Science, ICT, Broadcasting and Communication committee, said in a Facebook post that Coupang was "bundling coupons for services no one uses".

She also said the company is trying to turn a crisis into a business opportunity.

Consumer advocacy group Korea National Council of Consumer Organizations said Coupang's plan ridicules the victims and downplays the importance of the breach. It described the settlement as a “marketing tool” built to fuel more sales, rather than actually compensating the victims.

Less than two weeks after the breach, the police sent 17 investigators to conduct a search and seizure at the company’s Songpa-gu offices. As per the local media, “this search and seizure is an essential measure to accurately understand the case,” and “to comprehensively investigate the overall facts of the case, including the leaker of personal information, the route of the leak, and the cause.”

Via Reuters

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.