The Korean e-commerce platform Coupang has identified a significant data breach that impacted nearly 34 million customer profiles within the country.

Initially, the company noticed unauthorized access to about 4,500 user accounts on November 18. Following a comprehensive investigation, it was determined that approximately 33.7 million customer records were compromised over a period of five months.

Details of the Breach and Investigation

Customer data included names, email addresses, phone numbers, shipping addresses, and order histories, but credit card information remained protected. Coupang reported the incident to relevant regulatory bodies such as KISA, PIPC, and the National Police Agency.

While the investigation is ongoing, a suspect has been identified—a former Chinese employee of Coupang who is currently based overseas. Coupang stated that there was no evidence suggesting that data from Coupang Taiwan or Rocket Now had been compromised.

The breach began on June 24, 2025, through external servers and Coupang responded by securing the access route and enhancing internal monitoring. They also consulted with independent security experts for assistance.

This incident follows a pattern of data breaches in South Korea involving multiple high-profile sectors like credit card companies, telecoms, tech startups, and government agencies. Coupang has faced similar issues before, having suffered data leaks that impacted both drivers and customers from 2020 to 2021 and another breach in December 2023.