South Korean authorities have launched a major investigation into a massive data breach at online retail giant Coupang Inc. that potentially exposed approximately 33.7 million user accounts, marking what could be the largest cybersecurity incident in the country's history.
Investigation Reveals Massive Scale
The data breach came to light when police began investigating after receiving a formal complaint from Coupang. While the initial complaint did not name any suspects, subsequent reports from Yonhap News indicated that personal information was allegedly hacked by a Chinese national who previously worked at the company.
In response to the growing crisis, South Korea's Ministry of Science and ICT issued a statement confirming they have formed a joint investigation team to analyze the cause of the incident thoroughly. The breach at the US-listed e-commerce giant highlights the escalating cybersecurity threats facing South Korea, a nation with approximately 51.7 million people.
Timeline of the Security Breach
According to Coupang's official statements, the company first became aware of the security issue on November 18, when they discovered that personal information from about 4,500 accounts had been compromised. The exposed data included sensitive details such as names, email addresses, shipping addresses, and phone numbers.
However, what began as a concerning but limited security incident quickly escalated into a national crisis. A subsequent investigation revealed that the actual scale of the breach was dramatically larger than initially thought, affecting approximately 33.7 million accounts.
The company disclosed that unauthorized access through overseas servers appears to have begun much earlier, on June 24, indicating the security vulnerability had existed for several months before detection.
Broader Cybersecurity Concerns in South Korea
This massive data breach at Coupang underscores a troubling pattern of cybersecurity failures in South Korea. The incident follows several other high-profile data security cases that have raised serious concerns about data protection standards in the country.
Earlier this year, SK Telecom Co., South Korea's largest mobile carrier, was fined $97 million for failing to adequately safeguard customer information and for delayed reporting of security breaches. Other major companies including KT Corp. and Lotte Card Co. have also disclosed significant data leaks in recent months.
The timing of this breach is particularly significant given Coupang's recent growth. The company reported on November 4 that their "product commerce active customers" reached 24.7 million in the third quarter, representing a 10% year-on-year growth.
Company Response and Security Measures
In their emailed statement, Coupang outlined the immediate actions taken to address the security vulnerability. The company confirmed they have blocked the unauthorized access route and strengthened internal monitoring systems to prevent future incidents.
Coupang has issued a formal apology for the security breach and has committed to continuing full cooperation with investigating authorities. The company emphasized its commitment to resolving the situation and implementing stronger security measures to protect user data moving forward.
As the investigation continues, both South Korean authorities and cybersecurity experts are closely examining how such a significant breach could occur and what measures can be implemented to prevent similar incidents in the future.
