In a desperate attempt to cover his tracks, the hacker behind Coupang’s massive personal data leak hurled his MacBook Air into a nearby river, only for company investigators to fish it out days later.
This cinematic twist emerged as South Korean e-commerce giant Coupang detailed its government-directed probe into the breach affecting 33.7 million customers, while unveiling a 1.685 trillion won ($1.2 billion) compensation package to rebuild trust.
The incident unfolded after Coupang disclosed in late November that hackers had accessed sensitive user data, including names, addresses, and phone numbers.
Public criticism increased amid claims of a weak response, but on December 26, the company clarified that it was not a solo effort. Instead, starting December 1, Coupang worked under daily government oversight to coordinate a multi-week operation tracking the attacker.
Official letters and directives guided every step. On December 9, authorities instructed Coupang to reach out to the leaker, carefully scripting messages.
Initial meetings occurred on the 14th, yielding a full confession, desktop, hard drives, and sworn testimony, all promptly handed over. By December 16, primary devices were secured; on the 17th, they reached government analysts.
The plot thickened on December 18: Responding to further orders, Coupang’s forensics team retrieved the submerged MacBook Air, documented it in a chain-of-custody style, and delivered it immediately.
Additional hard drives and three fingerprinted declarations followed on December 21 and were routed to the police. Coupang maintained radio silence per a government mandate, even as media and lawmakers criticized it.
“This was no self-investigation,” Coupang emphasized, countering “false insecurity” from misreports. The firm briefed officials on December 23 and updated customers on the 25th, vowing full cooperation against secondary harms.
Fast-forward to December 29: Interim CEO Harold Rogers announced the unprecedented voucher blitz, equivalent to 50,000 won ($37) per affected account covering WOW members, cancellations, and all notified users.
Starting January 15, texts will alert recipients to four single-use coupons via the app: 5,000 won each for core Coupang products (Rocket Delivery, etc.) and Eats; 20,000 won apiece for Travel and luxury R.LUX.
Rogers expressed deep regret: “We deeply regret the distress caused… This is our responsible action.” He pledged a “customer-centric” pivot: “We’ll transform into a company customers trust.”
Cybersecurity experts hail the recovery as a win against data destruction tactics, but questions linger on prevention. Coupang’s saga underscores supply chain risks in cloud-scale retail, where one insider breach ripples into billions.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
