A former employee of South Korean e-commerce giant Coupang attempted to destroy evidence of a massive data theft by throwing his MacBook Air into a river, investigators revealed this week.
The desperate act failed spectacularly, with forensic experts recovering the device and using its serial number to connect it to the accused perpetrator’s iCloud account.
The Breach Details
The former staffer admitted to stealing a security key while employed at Coupang and using it to access customer records illegally.
According to forensic investigations conducted by Mandiant, Palo Alto Networks, and Ernst & Young, the accused looked up data belonging to approximately 3,000 customers, including their order histories and building access codes used by delivery personnel, as reported by TheRegister.
The perpetrator accessed the stolen data using a personal computer and a MacBook Air over several months.
When investigators requested the devices, the accused surrendered the PC, which contained evidence of the attack scripts used during the intrusion. However, he decided to dispose of the MacBook rather than hand it over.
After news reports surfaced about the security incident, the perpetrator attempted an unconventional destruction method.
He smashed the MacBook Air, placed it in a Coupang canvas bag with bricks for weight, and threw the package into a nearby river. The strategy appeared sound in theory but ultimately proved ineffective.
Authorities recovered the submerged laptop from the water and managed to read its serial number, which matched records from the accused’s iCloud account.
This critical evidence directly linked the device to the suspect, undermining his destruction efforts entirely.
Coupang’s internal investigation concluded the perpetrator retained data from roughly 3,000 accounts exclusively on his personal devices and deleted all stolen information after seeing media coverage of the breach. The company found no evidence contradicting his sworn statements.
Despite the limited scope of actual data retention, the incident affected over 33 million customers whose information was accessed more than half of South Korea’s population.
In response, Coupang announced plans to compensate affected users with ₩50,000 ($35) vouchers, costing the company approximately $1.17 billion.
South Korea’s government has launched a formal inquiry into the company’s security practices, with potential substantial fines expected based on similar precedents involving other major Korean corporations.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.