South Korean e-commerce platform Coupang announced over the weekend that the personal information of approximately 34 million Korean customers had been compromised in a data breach that had been going on for more than five months.
The company first discovered the breach of 4,500 user accounts on November 18, but announced that a subsequent investigation revealed that the breach actually compromised approximately 33.7 million customer accounts in South Korea.
According to Coupang, the breach affected customers' names, email addresses, phone numbers, shipping addresses, and certain order history. More sensitive data such as payment information, credit card numbers and login credentials were not compromised and remain secure, the company said.
Coupang said it reported the incident to the Korea Internet Security Agency (KISA), the Personal Information Protection Commission (PIPC), and the National Police Agency.
Coupang, one of South Korea's largest e-commerce platforms, offers a quick commerce service called “Rocket Delivery” in the country and also operates marketplaces in Japan and Taiwan. A Coupang spokesperson told TechCrunch that an investigation found no evidence that consumer data from Coupang Taiwan or Rocket Now was affected by the data breach.
The company said, “According to our investigation so far, it appears that unauthorized access to personal information began on June 24, 2025, via an overseas server.'' “Coupang has shut down unauthorized access routes, strengthened internal monitoring, and hired experts from a leading independent security firm.”
Police have reportedly identified at least one suspect after launching an investigation following a November 18 complaint. The suspect is a former Chinese Coupang employee who is currently overseas.
tech crunch event
San Francisco | October 13-15, 2026
This is the latest in a series of cybersecurity incidents to occur in South Korea this year. Coupang itself has suffered several data breaches in the past few years that exposed customer and delivery driver information. Past incidents include breaches from 2020 to 2021, and most recently in December 2023, when a merchant management system compromised the personal information of more than 22,000 customers.