Korean gov't confirms 33.67 mil. user info records leaked in Coupang breach

South Korea's Personal Information Protection Commission (PIPC) has officially confirmed a staggering data breach at e-commerce giant Coupang, exposing the personal information of 33.67 million users—nearly two-thirds of the country's population. The incident, first reported last month, involved sensitive details such as names, addresses, phone numbers, and partial payment information, raising alarms about the vulnerability of one of the nation's most trusted online platforms.

The breach stemmed from a vulnerability in Coupang's third-party logistics partner, where hackers accessed customer databases between June and August of last year. PIPC investigators, working alongside the Korea Internet & Security Agency (KISA), verified the leak after dark web samples surfaced online, matching Coupang's user records. Authorities have since notified all affected individuals and urged them to monitor their financial accounts for suspicious activity.

Coupang, valued at over $50 billion and boasting more than 20 million monthly active users in South Korea, issued a statement acknowledging the breach and outlining remedial steps. The company has terminated its relationship with the implicated vendor, enhanced encryption protocols across its systems, and launched a free credit monitoring service for victims. CEO Bom Kim emphasized that no full credit card details were compromised, though the partial data leaked could still fuel phishing and identity theft schemes.

The revelation has ignited a firestorm of criticism toward Coupang's data security practices, with consumer advocacy groups demanding stricter oversight. Lawmakers are pushing for amendments to the Personal Information Protection Act, potentially imposing fines up to 3% of global annual revenue on violators— a penalty that could exceed $1.5 billion for Coupang. This incident echoes previous high-profile leaks, like the 2022 Interpark breach affecting 10 million users, underscoring persistent gaps in Korea's cybersecurity framework amid rapid digital expansion.

Experts warn that the breach could erode consumer confidence in online shopping, a sector that accounts for 30% of retail sales in South Korea. As investigations continue, Interpol has joined forces with Korean police to track the perpetrators, believed to be a sophisticated cybercrime syndicate operating out of Southeast Asia. For now, millions of Koreans are left grappling with the fallout, a stark reminder of the high stakes in the digital age.