On November 29, 2025, e-commerce giant Coupang confirmed a massive data breach that exposed personal information from approximately 33.7 million customer accounts.
Initially the company reported about 4,500 affected accounts, but a subsequent investigation revealed a scale of data exposure nearly 7,500 times greater.
The compromised data includes names, email addresses, phone numbers, delivery addresses, and some order history details.
Coupang assures that payment data, credit card information and login credentials (passwords) were not exposed.
According to the company, unauthorized access began via overseas servers on June 24, 2025 and remained undetected until November 18.
After discovery, Coupang blocked the access route, reinforced internal monitoring, and reported the incident to law enforcement as well as data protection authorities.
Earlier in 2025 another major data leak affected South Korean telecom giant SK Telecom — but the scope of the Coupang breach surpasses previous incidents.
Given that Coupang is one of South Korea’s largest online retailers, the breach likely touched nearly the entire customer base.
Consequences may be long-lasting: even basic personal data can be used for phishing, fraud, or targeted social-engineering attacks — even though financial data wasn’t compromised.
If you ever used Coupang’s services — watch out for suspicious calls, SMS or emails. Compromised personal info can be weaponized for fraud. The company is under investigation, but reputational damage and loss of trust may be irreversible. It’s a wake-up call for stricter standards in data security and user protection.
