Coupang, South Korea’s largest e-commerce company, has disclosed a major data breach affecting nearly the entire domestic user base. The company confirmed unauthorised access to account data belonging to more than 33.7 million customers, with exposed details including names, phone numbers, emails, addresses and order history.
The company initially detected suspicious access on November 18, flagging a breach involving around 4,500 accounts. But as investigators dug deeper, the scale expanded accordingly. The breach is now believed to date back to late June and was traced to a server located outside the country.
South Korea’s internet watchdog and law enforcement are actively investigating. Coupang has reported the breach to the National Police Agency, the Personal Information Protection Commission and the Korea Internet & Security Agency.
The company says there is no evidence that sensitive data such as payment information, passwords or account login details were exposed. That claim has been repeated in the FAQ posted to its official website, where Coupang reassures users that credit card data remains secure.
Still, security experts are raising concerns about how long the breach remained active. Piyush Pandey, CEO of access security firm Pathlock, commented that incidents like this highlight the need for early threat detection rather than relying solely on perimeter defences. “In today’s threat environment, success isn’t just about blocking attacks. It’s also about how quickly you can respond once a breach happens,” he said.
Coupang users impacted by the breach are being notified directly via email and text. The company said no follow-up action is required from affected customers, but it warned people to be cautious of phishing attempts that may take advantage of the incident.
So far, no secondary misuse of the leaked data has been reported, but the full impact remains under review. Coupang said its internal teams are working with investigators and pledged to provide updates as more information becomes available.
With a total population of 51.7 million, the Coupang data breach impacts approximately 65.2% of South Korea’s population.
The breach adds to a series of recent data incidents affecting major Korean companies, with SK Telecom among those previously targeted. With nearly every South Korean customer affected in this case, Coupang is now facing serious questions about its internal security posture and breach response timeline.