Home / Business and Economy / South Korea Demands Coupang Fix Security After 33.7M Customer Data Leak
South Korea Demands Coupang Fix Security After 33.7M Customer Data Leak
10 Feb
Summary
- A former engineer exploited system vulnerabilities, causing a massive data leak.
- Approximately 33.7 million customer records were compromised in the breach.
- Authorities accuse Coupang of delayed reporting and inadequate security measures.
South Korean authorities revealed that e-commerce leader Coupang must address critical security vulnerabilities following a significant data leak. A government probe, announced on Tuesday, February 10, 2026, attributed the breach to a former Coupang engineer who exploited weaknesses in the company's authentication system.
The investigation confirmed that approximately 33.7 million customer records were compromised. The attacker reportedly used an internal security key to generate fake login tokens, gaining unauthorized access to user accounts. This incident, which began in January 2025 and lasted until November, is considered one of South Korea's most severe data breaches.
Officials criticized Coupang for failing to detect forged logins and for not rotating signing keys after the developer's departure. The company also faces accusations of violating information network law by delaying its report of the breach by more than 24 hours. Separate investigations by police and data protection agencies are ongoing.
Authorities are demanding Coupang implement a robust detection and blocking system for electronic access cards to prevent future unauthorized access. The company could face an administrative fine of up to 30 million won ($20,596) for the reporting delay and for failing to comply with a data preservation order.
