South Korea’s largest e-commerce company, Coupang, has issued a public apology after a massive data breach compromised the personal information of 33.7 million customer accounts.
Park Dae-jun, the company’s CEO, posted the apology on Coupang’s website on Sunday, expressing regret for the “inconvenience” caused to millions of users.
The breach — one of the biggest in South Korea’s recent history — exposed names, email addresses, phone numbers, shipping addresses, and parts of customers’ order histories. Coupang said payment information and login credentials were not compromised.
According to the company, the unauthorised access began on June 24 through overseas servers and was discovered on November 18. Coupang immediately reported the incident to authorities and is now working with law enforcement and regulators to investigate the breach.
The government convened an emergency meeting on Sunday, with Minister of Science and ICT Bae Kyung-hoon confirming that officials are examining whether Coupang violated personal information protection rules. This comes as South Korea continues to face repeated corporate data breaches, including one recently involving SK Telecom.
Local media reports, including Yonhap News Agency, indicate that a former Chinese employee of Coupang is suspected of involvement, and police investigations are ongoing.
Coupang, known for its popular “Rocket” same-day and next-day delivery service, had 24.7 million active users in the third quarter of 2025.
In response to the breach, the Korea Internet & Security Agency issued a public advisory warning affected users to be wary of phishing attempts.
The company said it regrets the incident and is taking steps to strengthen its security systems to prevent future breaches.
