South Korean ecommerce giant Coupang suffers huge data breach - over 33 million accounts affected, here's what we know

News
By published

Coupang customers are considering a class-action lawsuit

Dark Web monitoring
(Image credit: Adobe)
  • Coupang breach exposed PII of 33 million customers, sparking watchdog inquiries and lawsuits
  • Data stolen includes names, contacts, addresses, and orders; passwords and payment info unaffected
  • Attack linked to ex-employee’s active account; 10,000+ join class-action seeking compensation

Coupang, widely considered to be the biggest ecommerce store in South Korea, has confirmed suffered a devastating cyberattack in which it lost personally identifiable information (PII) on 33 million customers.

This appears to be one of the biggest data breaches in the company’s (and the country’s) recent history, sparking data watchdog inquiries, an official apology from the CEO, and a possible class-action lawsuit.

On Sunday, November 30, Coupang CEO Park Dae-joon published a letter on the company’s website, explaining what had happened, and apologizing for the incident. As per the letter, the attack started on June 24, 2025, but was only recently spotted.

Apologies, apologies

During the intrusion, which lasted “until recently”, the unnamed threat actors exfiltrated people’s names, emails, phone numbers, shipping addresses, and specific order information.

While this is more than enough for identity theft, or phishing, Dae-joon stressed that login account information (including customer passwords), payment information, or credit card information, was not stolen.

In the letter, which is roughly ten sentences long, Park Dae-joon apologized three times.

“Coupang will do its best to prevent further damage in close cooperation with the Ministry of Science and ICT, the Personal Information Protection Commission, the Korea Internet & Security Agency, the National Police Agency, and other public-private joint investigation teams,” he added.

At the same time, Reuters reports that 33 million people are affected, and that this may have been the work of a former employee of Chinese origin. The agency cited broadcaster JTBC, and said that this was the result of an internal investigation. Allegedly, the employee’s account was not terminated even after they left the company, and was later used for data exfiltration.

Reuters also said that more than 10,000 people have already expressed interest in joining a class-action lawsuit against the retailer, which could see them paid $68 per person for their loss.

Via Reuters

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.