CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Coupang Data Breach Exposes 33.7 Million Customer Records

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

Coupang, a South Korean e-commerce platform, confirmed a data breach affecting 33.7 million customers, including names, emails, phone numbers, physical addresses, and order information. The breach, initially detected on June 24, 2025, but discovered on November 18, 2025, was traced to an overseas unauthorized access. The Seoul Metropolitan Police identified a suspect, a former Coupang employee from China, who has left South Korea. The breach did not expose payment information or login credentials. Coupang has blocked the access route and strengthened internal monitoring. The police are investigating potential vishing or smishing activities related to the breach.

Timeline

  1. 01.12.2025 17:45 2 articles · 1d ago

    Coupang Data Breach Exposes 33.7 Million Customer Records

    Coupang confirmed a data breach affecting 33.7 million customers, including names, emails, phone numbers, physical addresses, and order information. The breach, initially detected on June 24, 2025, but discovered on November 18, 2025, was traced to an overseas unauthorized access. The Seoul Metropolitan Police identified a suspect, a former Coupang employee from China, who has left South Korea. The police are tracking the suspect and analyzing server logs. Coupang has blocked the access route and strengthened internal monitoring. The police are also preparing to analyze potential vishing or smishing activities related to the breach.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Sotheby's data breach exposes employee financial information

Sotheby's, a leading global auction house, detected a data breach on July 24, 2025, where threat actors stole sensitive employee information, including financial details. The breach was discovered in July 2025, but the investigation took two months to determine the extent of the data stolen and the individuals impacted. The exposed information includes full names, Social Security numbers (SSNs), and financial account information. The total number of impacted individuals remains undisclosed, but at least four individuals in Maine and Rhode Island were affected. Sotheby's has offered a 12-month free identity protection and credit monitoring service through TransUnion to affected employees.

Open in new tab

Storm-2657 Targets University HR Employees in Payroll Hijacking Campaign

A cybercrime gang, Storm-2657, has been targeting university employees in the United States since March 2025 to hijack salary payments. The attackers have successfully compromised 11 accounts at three universities, sending phishing emails to nearly 6,000 email accounts across 25 universities. The campaign, codenamed Payroll Pirates, exploits a lack of multifactor authentication (MFA) or phishing-resistant MFA to compromise Workday accounts and other third-party HR SaaS platforms. The attackers use sophisticated social engineering tactics and adversary-in-the-middle (AITM) links to steal MFA codes, enabling them to gain access to Exchange Online accounts. Once inside, they alter salary payment configurations and redirect payments to accounts under their control. The attackers also create inbox rules to delete incoming warning notification emails from Workday and enroll their own phone numbers as MFA devices for victim accounts. The compromised email accounts are used to distribute further phishing emails, both within the organization and to other universities. The attacks have been ongoing since March 2025, with Microsoft identifying affected customers and providing mitigation guidance. The campaign has been observed targeting a range of U.S.-based organizations, particularly in the higher education sector, and any software-as-a-service (SaaS) platform storing HR or payment and bank account information.

Open in new tab

Boyd Gaming Corporation data breach after cyberattack

Boyd Gaming Corporation, a US gaming and casino operator, disclosed a data breach after threat actors gained access to its systems. The breach resulted in the theft of employee information and data belonging to a limited number of other individuals. The company has engaged external cybersecurity experts and notified law enforcement. The incident has not affected operations, and the company expects its cybersecurity insurance to cover associated costs. Boyd Gaming operates 28 gaming properties across ten states and employs over 16,000 people. The breach was disclosed in a FORM 8-K filing with the SEC. No threat actors have claimed responsibility for the attack.

Open in new tab

FinWise insider breach exposes 689K American First Finance customers' data

A former employee of FinWise Bank accessed sensitive customer files after the end of their employment, impacting 689,000 American First Finance (AFF) customers. The breach, which occurred on May 31, 2024, involved personal data, including full names, and went undetected for over a year. FinWise has strengthened internal controls and is offering credit monitoring services to affected individuals. The breach was discovered on June 18, 2025, and was disclosed in September 2025. The incident has led to multiple class-action lawsuits alleging inadequate encryption and security measures. FinWise Bank partners with AFF to originate and fund loans. The breach was discovered and investigated with the help of external cybersecurity professionals. The exact methods of unauthorized access and the full extent of the exposed data remain undisclosed.

Open in new tab

Healthcare Services Group Data Breach Affects 624,000 Individuals

Healthcare Services Group (HSG) has disclosed a data breach affecting 624,496 individuals. The breach occurred between September 27, 2024, and October 3, 2024, when unauthorized actors accessed and copied files containing sensitive personal information. The compromised data includes names, Social Security numbers, driver’s license numbers, state identification numbers, financial account details, and credentials. HSG has notified affected individuals and is offering credit monitoring and identity restoration services. The company has not disclosed the specific type of cyberattack involved. The breach was detected on October 7, 2024. HSG has secured its systems, mitigated risks, and notified law enforcement and regulators. As of the disclosure, there is no evidence of identity theft or fraud resulting from the breach, but affected individuals are advised to remain vigilant.

Open in new tab