Coupang Data Breach Impacts 33 Million Customers in South Korea

A significant data breach at Coupang, South Korea’s leading e-commerce platform, has compromised the personal information of approximately 33 million customers. The revelation was made by Bae Kyung-hoon, the Minister of Science, during a parliamentary session held on December 30, 2023. Bae’s comments follow a separate report by Coupang, which claimed that data from only about 3,000 accounts had been accessed and subsequently deleted by a suspect.

The investigation, conducted by the government alongside private sector entities such as the Personal Information Protection Commission and local police, disclosed that not only names and email addresses were leaked, but also sensitive information including users’ addresses and order details. Bae expressed concern over Coupang’s prior statements, stating, “We cannot agree with that claim,” emphasizing the gravity of the situation.

Coupang has since announced a compensation plan valued at over 1.68 trillion won (approximately $1.17 billion). This initiative aims to provide financial relief to the affected customers, which represent nearly two-thirds of South Korea’s population. Each of the 33.7 million impacted individuals, including current and former users, will receive 50,000 won in discounts and coupons as part of the compensation strategy.

Compensation Plan and Company Response

The compensation will be distributed gradually, beginning on January 15, 2024. The breakdown of the compensation includes 5,000 won for Coupang’s e-commerce platform, 5,000 won for the food delivery service Coupang Eats, 20,000 won for travel products, and 20,000 won for R.LUX luxury beauty and fashion items. Coupang’s interim Chief Executive Officer, Harold Rogers, stated that the company intends to use this incident as a turning point to reinforce its commitment to customer-centric values.

In a recent update, Coupang reported that forensic investigations led them to identify a former employee as the individual responsible for the breach. The company has taken steps to recover the equipment involved in the hacking and has obtained a confession from the suspect. Despite these claims, the South Korean government has dismissed Coupang’s findings as a “unilateral claim,” asserting that the ongoing public-private investigation has yet to reach a definitive conclusion on the matter.

Coupang’s founder, Kim Bom-suk, issued a public apology regarding the incident, acknowledging the distress caused to customers and the broader implications of the data leak. The company faces significant scrutiny as it navigates the aftermath of this breach, with regulators and consumers closely watching its next steps.

The fallout from this event highlights critical issues surrounding data security and consumer trust in the digital age. As the investigation continues, both Coupang and affected customers are left to grapple with the ramifications of this extensive data breach.