Coupang Data Breach Widens: 165,000 Additional Users Compromised in South Korea's Largest Cyberattack
South Korea's leading e-commerce platform, Coupang, has officially confirmed that the personal data of an additional 165,000 users was compromised in what is now recognized as the country's most extensive hacking incident, initially reported in November. This latest revelation significantly escalates the scale of the cybersecurity disaster, bringing the total number of affected accounts to approximately 33.8 million. This staggering figure represents nearly two-thirds of South Korea's entire population, highlighting the profound impact of the breach on national digital security.
Investigation Uncovers More Victims, No New Attack Detected
According to a detailed report by the international news agency Reuters, Coupang Korea has clarified that these newly-identified victims were not part of a fresh cyberattack. Instead, they were uncovered during an ongoing, government-led investigation into the massive breach that shook the nation late last year. The discovery underscores the complexity and depth of the intrusion, as authorities continue to piece together the full extent of the damage.
What Personal Information Was Leaked in the November Hack?
In the initial disclosure made in November, Coupang stated that sensitive personal information, including users' names, phone numbers, and delivery addresses entered into address books, was stolen by hackers. The company has consistently reiterated that no payment details, login credentials, email addresses, or order histories were compromised in the attack. As a gesture of apology and goodwill, Coupang plans to issue a 50,000 won purchase voucher, equivalent to approximately $35, to every affected account holder, aiming to mitigate some of the distress caused by the data exposure.
Regulatory Crackdown and International Fallout
Meanwhile, the regulatory response to the breach has intensified, with South Korean authorities conducting police raids and tax audits on Coupang. This aggressive crackdown has sparked a significant international reaction from Washington. U.S. investors have filed arbitration claims under the KORUS Free Trade Agreement, accusing the Seoul government of "discriminatory treatment" against an American-listed firm. The dispute highlights the growing tensions between corporate accountability and international trade relations in the wake of major cybersecurity incidents.
Leadership Under Fire and Legal Repercussions
As Coupang cooperates with the ongoing probe, its leadership has come under heavy scrutiny and criticism. Harold Rogers, the interim American CEO of Coupang's local unit in South Korea, was recently summoned for police questioning regarding allegations of evidence tampering, adding another layer of controversy to the situation. South Korean President Lee Jae-myung has labeled the breach a "wake-up call" for the nation, advocating for the maximum legal penalty. This could potentially cost Coupang over 1 trillion won, or $680 million, which amounts to about 3% of its annual revenue, signaling a stern warning to corporations about data protection responsibilities.
