Coupang announces $1.17B compensation plan for 33.7M data breach victims

Coupang announced it will spend about $1.17 billion to compensate 33.7 million people affected by a recent data breach, providing purchase vouchers to impacted users.
“Coupang plans to provide customers with purchase vouchers worth 1.685 trillion won starting January 15th of next year. This incentive will be given to customers with 33.7 million accounts who were notified of a personal information breach in late November,” reads the press release published by the company. “Both Wow members and regular members will receive the same incentives. This also includes customers who left Coupang after receiving notification of the breach. Coupang plans to sequentially notify all 33.7 million account users via text message regarding the voucher redemption process.”
Coupang is South Korea’s leading e‑commerce and logistics platform, often dubbed “Korea’s Amazon”. In 2024 it generated about $30.3 billion in revenue, with Q3 2025 net revenues of $9.3 billion, up 18% year-on-year. It employs roughly 60–65,000 people globally and reported around 24.7 million active customers.
In early December, the South Korean e-commerce giant disclosed a data breach affecting nearly 34 million customers, exposing personal information over a period of more than five months.
“According to the investigation so far, it is believed that unauthorized access to personal information began on June 24, 2025, via overseas servers,” the company announced. “Coupang blocked the unauthorized access route, strengthened internal monitoring, and retained experts from a leading independent security firm,” the company added.
The company initially detected unauthorized access to 4,500 accounts on November 18, but an investigation later confirmed that about 33.7 million customer accounts in South Korea were affected. Exposed data included names, emails, phone numbers, shipping addresses, and some order histories. The company noted that no sensitive information, such as payment data, credit card numbers, or login credentials, was compromised.
Coupang notified Korea Internet & Security Agency (KISA) and the National Police Agency, and reported the incident to the national data protection authority of South Korea, the Personal Information Protection Commission (PIPC).
Coupang said the breach did not impact customer data from its Taiwan marketplace or Rocket Now, its food delivery service in Japan. The company revealed the data breach started on June 24, 2025.
Deputy Prime Minister and ICT Minister Bae Kyung-hoon held an emergency meeting with key government officials in Seoul.
Police identified a suspect, a former Chinese Coupang employee who has since left the country. The company notified the Securities and Exchange Commission that he was the culprit.
Coupang founder and chairman Kim Bum-seok announced that all the stolen data was recovered and that the leaker’s storage devices had been seized.
Now, Coupang says it will compensate affected users with four vouchers totaling 50,000 won, usable across its services. Eligibility can be checked in the app starting January 15.
“This incident will be an opportunity for Coupang to deeply practice ‘customer-centricity’ and fulfill its responsibilities to the end, transforming into a company that customers trust,” said Harold Rogers, Coupang Korea’s interim CEO, adding, “I once again deeply apologize to our customers.”
This breach adds to a series of cybersecurity incidents in South Korea. Coupang has faced multiple security incidents, including exposures of customer and driver data from 2020–2021 and a December 2023 data breach affecting over 22,000 customers.
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)
