The information exposed includes customer names, email addresses, mobile numbers, delivery addresses and parts of purchase histories. Credit: bluestork / Shutterstock.com

South Korean e‑commerce platform Coupang has apologised after revealing that a large-scale data breach has affected 33.7 million customer accounts in the country.  

The company stated: “Coupang offers sincere apologies for any concern this may have caused, and asks customers to exercise vigilance against phone calls, text messages or other communications impersonating Coupang.”  

Go deeper with GlobalData

Go deeper with GlobalData

The gold standard of business intelligence.

Find out more

Discover B2B Marketing That Performs

Combine business intelligence and editorial excellence to reach engaged professionals across 36 leading media platforms.

Find out more

The unauthorised access began on 24 June 2025 via overseas servers.

Coupang detected suspicious activity on 18 November, initially finding that around 4,500 accounts had been compromised, before a wider investigation showed the incident was far more extensive. 

The information exposed includes customer names, email addresses, mobile numbers, delivery addresses and parts of purchase histories.  

Payment information, credit card details and login credentials were not accessed. 

GlobalData Strategic Intelligence

US Tariffs are shifting - will you react or anticipate?

Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.

By GlobalData

Users do not need to take immediate action on their accounts. 

The South Korean government called an emergency meeting in response to the discovery.  

Minister of Science and ICT Bae Kyung-hoon stated that authorities were examining whether Coupang had breached regulations on the protection of personal information. 

Coupang has submitted a complaint to police and an investigation by law enforcement is under way. 

The company has shut down the channel used for the unauthorised access, tightened internal monitoring systems and brought in external specialists from an independent cybersecurity company. 

Coupang is also working with a joint public‑private taskforce that includes the Ministry of Science and ICT, the Personal Information Protection Commission (PIPC), the Korea Internet & Security Agency (KISA) and the National Police Agency. 

KISA has issued a public notice to those affected, urging caution over possible phishing attempts stemming from the leaked data. 

Coupang CEO Park Dae-jun stated: “We express our regret over Coupang’s recent incident, which began on June 24th of this year. We sincerely apologise for any inconvenience and concern caused to our customers.”