CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Coupang Data Breach Exposes 33.7 Million Customer Records

First reported
Last updated
2 unique sources, 6 articles

Summary

Hide ▲

Coupang, a South Korean e-commerce platform, confirmed a data breach affecting 33.7 million customers, including names, emails, phone numbers, physical addresses, and order information. The breach, initially detected on June 24, 2025, but discovered on November 18, 2025, was traced to an overseas unauthorized access. The Seoul Metropolitan Police identified a suspect, a former Coupang employee from China, who has left South Korea. The breach did not expose payment information or login credentials. Coupang has blocked the access route and strengthened internal monitoring. The police are investigating potential vishing or smishing activities related to the breach. On December 10, 2025, Coupang's CEO, Park Dae-jun, stepped down, taking full responsibility for the data breach and the company's response. Harold Rogers, the current chief administrative officer and general counsel based in Seattle, has been appointed as interim CEO. The Seoul Metropolitan Police raided Coupang's headquarters on December 9, 2025, to search for internal documents and records related to the breach. South Korea's Personal Information Protection Commission (PIPC) ordered Coupang to revise its liability exemption clause for data breaches and simplify its membership cancellation process. The suspect is a 43-year-old Chinese national who joined Coupang in November 2022 and left in 2024. The police are gathering records such as internal documents, logs, system records, IP addresses, user credentials, and access histories. The incident has sparked high-volume phishing activity in South Korea, affecting roughly two-thirds of its population, and the police have received hundreds of reports of Coupang impersonation since the start of the month. Coupang announced $1.17 billion (1.685 trillion Won) total compensation for the 33.7 million customers affected by the data breach. The compensation will be provided gradually, starting on January 15, 2026, to all Coupang customers, including WOW and non-WOW members, as well as those who canceled their membership. Each customer will receive four single-use purchase vouchers totaling 50,000 won (around $34). Coupang contacted the former employee directly earlier this month, met with them, and recovered their desktop computer's hard drives containing the sensitive data. A MacBook Air laptop belonging to the suspect was recovered from a river, where they disposed of it in an attempt to destroy evidence. The perpetrator accessed 33 million accounts but retained user data from approximately 3,000. The former employee did not transfer any of this data to others and subsequently deleted it from his devices. Investors in Coupang who suffered substantial losses following a cyber-attack are being urged to join plaintiffs in a class action lawsuit led by US-based law firm Hagens Berman. The breach has led to a $1.2bn compensation plan and a loss of over $8bn in market value for Coupang. Hagens Berman is investigating potential security failures made by the retailer, including inadequate protocols that allowed a former employee to retain access to sensitive customer information.

Timeline

  1. 12.12.2025 10:30 4 articles · 1mo ago

    Coupang CEO Resigns and Police Raid Headquarters

    The article supports the existing description and adds that Coupang investors have been urged to join a class action lawsuit by the February 17 lead plaintiff deadline.

    Show sources
    Open in new tab
  2. 01.12.2025 17:45 6 articles · 1mo ago

    Coupang Data Breach Exposes 33.7 Million Customer Records

    The article supports the existing description and adds that the breach has led to a $1.2bn compensation plan and a loss of over $8bn in market value for Coupang. Hagens Berman is investigating potential security failures made by the retailer, including inadequate protocols that allowed a former employee to retain access to sensitive customer information.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Ransomware Attack on Kyowon Group Leads to Data Exfiltration

South Korean conglomerate Kyowon Group confirmed a ransomware attack that occurred on January 2026, resulting in the exfiltration of customer data. The attack impacted approximately 600 out of 800 servers, potentially exposing information from over 9.6 million accounts (5.5 million individuals). The company is investigating the extent of the data leak and working to restore services.

Open in new tab

Former Coinbase Support Agent Arrested for Facilitating Data Breach

A former Coinbase customer support agent was arrested in Hyderabad, India, for assisting hackers in stealing sensitive customer data from a company database in early 2025. The breach exposed personal information of approximately 69,500 customers, including names, dates of birth, partial SSNs, addresses, phone numbers, email addresses, and KYC documents. The hackers demanded a $20 million ransom. The incident involved bribed employees of TaskUs, a customer support outsourcing firm in India. Additionally, a separate scammer, Ronald Spektor, was charged for impersonating Coinbase and stealing $16 million from 100 victims.

Open in new tab

Freedom Mobile Data Breach Exposes Customer Information

Freedom Mobile, a major Canadian wireless carrier, disclosed a data breach where attackers accessed its customer account management platform. The breach, detected on October 23, exposed personal and contact information of an undisclosed number of customers. The attackers used a subcontractor's account to gain access. Freedom Mobile has implemented security measures and advised customers to be cautious of suspicious messages. The carrier has not disclosed the extent of the breach or if a ransom demand was made.

Open in new tab

Four Suspects Arrested for Hacking 120,000 IP Cameras and Selling Stolen Footage

The Korean National Police have arrested four individuals for hacking over 120,000 IP cameras in private homes and commercial facilities. The suspects stole footage and sold it to a foreign adult site. The police are also investigating the website's operators and buyers of the illicit content. The suspects hacked tens of thousands of cameras each, producing and selling illegal sexual videos. Three buyers have been arrested, and the police are collaborating internationally to shut down the platform. Victims have been notified and advised on security measures.

Open in new tab

Conduent Data Breach Affects Millions

Conduent, a business services provider, has confirmed that a data breach in 2024 impacted over 10.5 million individuals. The breach, initially disclosed in January 2025, affected government agencies in multiple US states. The attackers accessed Conduent's network on October 21, 2024, and were evicted on January 13, 2025. The compromised data includes names, addresses, dates of birth, Social Security numbers, health insurance details, and medical information. Conduent serves over 600 government and transportation organizations, and roughly half of Fortune 100 companies. The company has not provided an exact number of affected individuals, but breach notices indicate at least 10.5 million people were impacted, with the largest number in Oregon (10.5 million) and over 4 million in Texas. The Safepay ransomware group claimed responsibility for the attack in February 2025 and claimed to have stolen 8.5TB of data. Conduent provides services to several other states where specific data breach figures aren't published, potentially increasing the actual impact. As of October 24, 2025, there is no evidence that the stolen data has been misused. Additionally, Ingram Micro, a major IT services provider, revealed a ransomware attack in July 2025 that affected over 42,000 individuals. The SafePay ransomware group was behind this attack, claiming to have stolen 3.5TB of documents. The attack triggered a massive outage and highlighted SafePay's growing activity as a significant ransomware threat.

Open in new tab