South Korea’s Privacy Regulator Imposes $409 Million Fine on Coupang Over Massive Data Breach South Korea’s Personal Information Protection Commission (PIPC) has announced a record $409 million (550 billion KRW) fine against e-commerce giant Coupang for a 2023 data breach that exposed the personal information of over 10 million customers. The penalty, the largest ever issued by the PIPC, stems from the company’s failure to implement adequate security measures, leading to unauthorized access to sensitive user data. The breach, detected in June 2023, involved the theft of customer names, phone numbers, email addresses, and partial payment details. Investigators found that Coupang had neglected basic cybersecurity protocols, including weak encryption and insufficient access controls, allowing attackers to exploit vulnerabilities in its systems. The PIPC also criticized the company for delayed breach notifications, which violated South Korea’s strict data protection laws. Coupang, a major player in South Korea’s e-commerce market, has faced growing scrutiny over its data handling practices. The fine underscores the regulator’s increasingly aggressive stance on corporate accountability in cybersecurity. While the company has since strengthened its security infrastructure, the incident has raised concerns about the broader risks of data mismanagement in the region’s digital economy. The case sets a precedent for future enforcement actions, signaling that even industry leaders will face severe consequences for lapses in protecting consumer data.

South Korea’s Coupang Data Breach Complicates US Security Talks South Korea’s National Security Adviser, Wi Sung-lac, confirmed on Friday that an ongoing investigation into a major data breach at e-commerce giant Coupang is creating friction in security negotiations with the United States. The government has emphasized that the probe should proceed independently of broader security discussions, as linking the two could undermine diplomatic progress. The breach, which has drawn regulatory scrutiny, has raised concerns about its potential impact on sensitive bilateral talks. While South Korea maintains that private sector issues should not derail strategic cooperation, the incident has introduced complications in high-level consultations. Details on the scope of the breach, including the number of affected users or the nature of exposed data, remain undisclosed. The situation underscores the growing intersection of cybersecurity incidents and geopolitical relations, particularly as digital threats increasingly influence national security priorities.

South Korea Moves to Tighten Corporate Liability for Data Breaches On March 9, 2026, South Korea’s government and ruling party proposed a second revision to the Personal Information Protection Act (PIPA), aiming to hold companies more accountable for large-scale data breaches. The amendment seeks to simplify compensation claims for victims by removing the requirement to prove a company’s intent or negligence, shifting the burden of proof onto businesses. The push for stricter regulations follows a series of high-profile breaches, including a recent incident at e-commerce giant Coupang, where personal data linked to numerous user accounts may have been exposed. The case has heightened scrutiny over corporate data protection practices. Under the proposed changes, the Personal Information Protection Commission (PIPC) would gain expanded authority, including the power to issue emergency protective orders to contain the spread of compromised data. The amendment also introduces criminal penalties for individuals who knowingly obtain or distribute leaked personal information, closing a legal gap that previously applied only to employees who unlawfully disclosed data. Officials note that victims often face challenges in gathering evidence to support claims, as companies frequently withhold details on breach causes or resulting damages. The reform aims to streamline the process for affected individuals to seek redress while increasing deterrence against lax security practices.

Naver Gains Ground in South Korea’s E-Commerce Market as Coupang Faces Post-Breach Shifts South Korea’s e-commerce landscape is undergoing a notable shift, with Naver capitalizing on a personal data breach at rival Coupang to expand its market share. According to data from WiseApp Retail, Naver’s Naver Plus Store saw 7.5 million monthly active users in February, a 5.9% increase from January, while Coupang though still leading with 33.1 million users experienced a 0.2% decline in the same period. Naver’s growth extends beyond user numbers. Samsung Securities reported that Naver Shopping’s transaction volume surged 28% year-over-year in February, outpacing Coupang’s 10% growth and the broader market. This momentum has driven Naver’s commerce revenue to 1.054 trillion won ($790 million) in Q4 2025, a 36% annual increase, with full-year revenue reaching 3.69 trillion won ($2.76 billion) the company’s fastest-growing segment. To challenge Coupang’s dominance in fast delivery, Naver is aggressively expanding its logistics network. The company aims to increase N Delivery’s share of Smart Store transactions to 50% within three years, leveraging partnerships like Kurly N Mart, a joint grocery service with Kurly, which has seen monthly transaction growth exceeding 50%. Naver’s AI-driven recommendation technology is further strengthening its platform. The Naver Plus Store app surpassed 12.9 million cumulative downloads by Q4 2025 and was recognized as a top new shopping app in the Asia-Pacific region by Sensor Tower. In February, Naver introduced a beta AI shopping agent to enhance personalized product recommendations and search functionality. The commerce boom has also fueled Naver’s fintech ecosystem, with payment volume reaching 23 trillion won ($17.2 billion) in Q4 2025, a 19% year-over-year increase. Analysts, including Oh Dong-hwan of Samsung Securities, predict sustained growth, citing improved delivery capabilities, membership benefits, and AI-driven shopping services as key drivers. As Naver continues to close the gap with Coupang, the shift underscores the competitive dynamics of South Korea’s e-commerce sector, particularly in the wake of security concerns at its largest player.

Ivanti Discloses Two Critical EPMM Vulnerabilities with Active Exploitation Ivanti has revealed two critical vulnerabilities in its Endpoint Manager Mobile (EPMM) software, tracked as CVE-2026-1281 and CVE-2026-1340, both carrying a CVSS score of 9.8. The flaws stem from code injection issues and enable unauthenticated remote code execution (RCE) with no user interaction or additional privileges required only network access. The vulnerabilities affect multiple EPMM versions, including 12.5.0.0, 12.6.0.0, 12.7.0.0, 12.5.1.0, and 12.6.1.0, but do not impact other Ivanti products, such as Ivanti Neurons for MDM or Ivanti Endpoint Manager (EPM). Cloud-based deployments with Sentry integration remain unaffected. Ivanti has confirmed active exploitation in a limited number of customer environments, underscoring the urgency of remediation. The company has released version-specific RPM patches for affected deployments, which can be applied without downtime. However, the patches do not persist through upgrades, requiring reinstallation after version changes. A permanent fix will be included in EPMM 12.8.0.0, scheduled for release in Q1 2026. For heightened security, Ivanti recommends rebuilding the EPMM appliance and migrating data, avoiding the need for device re-enrollment. Organizations are advised to prioritize patching due to the low attack complexity, unauthenticated access, and confirmed exploitation. Early adoption of EPMM 12.8.0.0 is encouraged to eliminate recurring patch reapplications.

Coupang Hit by Massive Data Breach, CEO Resigns Amid Stock Decline South Korean e-commerce giant Coupang (CPNG) has disclosed a major cybersecurity breach affecting 33.7 million customer accounts, prompting CEO Park Dae-joon’s resignation and a $1 billion compensation plan for impacted users. The incident has intensified scrutiny over the company’s security practices and leadership stability. The breach coincides with a sharp 34.21% decline in Coupang’s share price over the past 90 days and a 12.37% drop year-to-date, though the company’s three-year total shareholder return remains positive at 24.73%. Coupang, which reported $33.66 billion in revenue and $390 million in net income, now faces investor uncertainty as its P/E ratio of 95.9x far above industry peers raises valuation concerns. While a discounted cash flow (DCF) model suggests the stock may be 21.4% undervalued relative to its estimated future cash flow value of $26.07 per share, the breach and leadership shakeup could further pressure market sentiment. The company’s high valuation multiples, coupled with operational risks, leave its stock trajectory uncertain as it navigates the fallout.

Coupang Downgraded by Nomura Over Data Breach and Regulatory Risks Nomura has downgraded South Korean e-commerce giant Coupang to a "neutral" rating, citing heightened risks from a recent data breach and potential regulatory fallout. The downgrade reflects concerns over the company’s exposure to cybersecurity vulnerabilities and the financial or operational consequences of compliance challenges. While details of the breach remain limited, the incident underscores growing scrutiny of data protection practices in the tech and retail sectors. Regulatory bodies may impose stricter oversight or penalties, particularly in markets with stringent privacy laws. The downgrade could signal broader investor caution regarding companies facing cybersecurity threats or enforcement actions. The move follows a pattern of financial institutions reassessing risk profiles in response to high-profile breaches, where operational disruptions and reputational damage often translate into market volatility. Coupang has yet to release a full incident report, leaving the scope and impact of the breach unclear. Further developments may influence its stock performance and regulatory standing in the coming months.

Coupang Users Targeted in Sophisticated Voice Phishing Scams A rising wave of voice phishing attacks is targeting customers of South Korea’s largest e-commerce platform, Coupang, exploiting fears of data leaks and fraudulent credit card schemes. Victims report receiving calls from scammers posing as delivery personnel or customer service representatives, armed with personal details—including names, phone numbers, and partial bank account information—to lend credibility to their schemes. One anonymous Coupang user recounted nearly falling victim after a caller, claiming to be a credit card delivery agent, informed her that a card had been issued in her name. When she denied applying for it, the scammer alleged her identity had been stolen via Coupang and directed her to call a fake customer service line (beginning with 1544). The imposter then referenced her bank account details, prompting her to hang up before any financial harm occurred. Authorities, including the Financial Supervisory Service (FSS) and police, warn that these scams are growing in frequency. Common tactics include fake credit card issuance alerts, fraudulent compensation claims for delayed deliveries, and malicious links disguised as delivery updates. Scammers often reuse personal data from past breaches to craft convincing scenarios, though no confirmed financial losses have been reported in Coupang-related cases to date. The FSS has called for heightened monitoring as criminals refine their methods, leveraging the platform’s widespread use to manipulate victims through seemingly legitimate interactions.

Coupang Faces Securities Class Action Over Undisclosed Data Breach and Cybersecurity Failures A securities class action lawsuit against Coupang, Inc. (NYSE: CPNG) alleges the e-commerce giant and its executives violated federal securities laws by failing to disclose a six-month-long data breach involving unauthorized access to sensitive customer information. The breach, enabled by inadequate cybersecurity protocols, went undetected as a former employee exploited system vulnerabilities from May 7 to December 16, 2025 the defined "Class Period" for the lawsuit. Plaintiffs claim Coupang misled investors by omitting critical details, including: (1) the company’s weak security controls, which allowed prolonged unauthorized access; (2) the heightened risk of regulatory and legal repercussions; and (3) the failure to promptly report the breach in SEC filings, as required by law. The lawsuits argue these omissions rendered Coupang’s public statements materially false and misleading. Two cases are currently pending: Barry v. Coupang, Inc. (No. 25-cv-10795, U.S. District Court for the Northern District of California) and Lee v. Coupang, Inc. (No. 26-cv-00047, U.S. District Court for the Western District of Washington), which expanded the class period. Investors who purchased Coupang securities during the Class Period have until February 17, 2026, to file as lead plaintiffs. The lawsuits are led by Kahn Swick & Foti, LLC (KSF), a securities litigation firm ranked among the top 10 nationally by ISS Securities Class Action Services for settlement value. KSF, co-founded by former Louisiana Attorney General Charles C. Foti, Jr., specializes in recovering losses for investors affected by corporate fraud.

Audio report: written by reporters, read by AI Coupang, Korea’s largest e-commerce platform, disclosed a major data leak last week affecting 33.7 million customer accounts. The scale surpasses the breach at SK Telecom, which affected 23.24 million people and resulted in the largest fine ever imposed for violations of personal information protection. It is comparable to the 2011 hacking incident that exposed data from 35 million Cyworld and Nate users.The leaked information includes customer names, email addresses, delivery addresses and phone numbers. Coupang says payment information, credit card numbers and login credentials were not compromised, and that customers need not take separate action. Still, the scale of the breach has left users uneasy. The company had reported only 4,500 affected accounts nine days earlier, a figure that turned out to be 7,500 times smaller than the actual number. Customers are advised to avoid phone calls or messages impersonating Coupang.Unlike past data leaks at telecom companies, which were typically caused by hacking, this case may involve a former employee from China. Investigators suspect he extracted customer data over five months without the company noticing. If true, the incident exposes serious flaws in Coupang’s internal controls and access management. Since 2020, the company has suffered four data breaches and been fined a total of 1.5 billion won ($1.02 million). Each time, it pledged to prevent recurrence, yet the assurances prov

Coupang, a South Korean e-commerce giant, suffered a data breach where unauthorized access to 4,536 customer accounts went undetected for 12 days (from November 6 to November 18). The breach was caused by the exploitation of signed access tokens, allowing attackers to view sensitive customer data, including names, phone numbers, shipping addresses, and the five most recent orders. The company failed to detect the intrusion promptly and delayed notifying affected customers, raising concerns about its cybersecurity measures. While Coupang revoked the compromised tokens and reported the incident within the 24-hour legal deadline, the prolonged exposure of personal data has led to criticism over its detection capabilities and transparency. Regulatory bodies, including the Ministry of Science and ICT, KISA, and the Personal Information Protection Commission, are investigating the breach’s cause and impact. The incident highlights vulnerabilities in authentication mechanisms and underscores the risks of unauthorized data access in large-scale digital platforms.

Coupang Offers NT$200 Million in Compensation After Data Breach Affecting 200,000 Taiwanese Users South Korean e-commerce giant Coupang Inc. will compensate over 200,000 Taiwanese customers following a November 2023 data breach that exposed personal information. Starting March 8, eligible users can claim a NT$1,000 (US$32) gift voucher via the Coupang app, a dedicated website, or customer service. The breach stemmed from a former employee who accessed customer data from the company’s systems. While Coupang initially stated there was no evidence of Taiwanese users being affected, cybersecurity firm Mandiant later confirmed that 200,000 Taiwanese accounts had their data exposed, including names, emails, phone numbers, and delivery addresses. However, sensitive details such as credit card numbers, passwords, and national ID numbers were not compromised. In South Korea, Coupang issued 50,000 won (US$34.91) vouchers to 33.7 million account holders as part of a similar compensation program. The company reported that only one Taiwanese customer’s data was stored locally, with the rest belonging to South Korean users. Coupang has recovered all devices used by the former employee and conducted a full forensic analysis. While there is no evidence of data being sold or misused, the company has updated its systems to prevent future leaks. Investigations remain ongoing.

Coupang Suffers Second Major Data Breach in South Korea, Exposing 165,000 More Customers South Korea’s largest e-commerce retailer, Coupang, has disclosed a second significant data breach, exposing the personal information of an additional 165,000 customers. The incident, confirmed on 5 February 2026 following a government investigation, expands the fallout from a November 2025 cyberattack that initially compromised 33 million records over half of South Korea’s population. The latest breach involved names, phone numbers, and residential addresses of affected users. While financial data, login credentials, email accounts, and order histories were not accessed, the exposure of contact details raises concerns over potential identity theft and targeted fraud. This incident follows a 2025 breach that leaked 460,000 records, underscoring a pattern of security failures at the company. South Korea’s Fair Trade Commission (FTC) is conducting a swift investigation, with the possibility of strict sanctions, including business suspension, if violations of the Personal Information Protection Act are found. Legal experts, including Kyung Hee University law professor Song Se-ryeon, warn that punitive action against Coupang could set a precedent for major platform firms. Coupang’s CEO is currently under criminal investigation, with probes expected to continue through 2026. The company faces fines, litigation, and mandatory security reforms, while regulators push for stronger cybersecurity measures across Asia. The breach has intensified scrutiny on corporate data protection, with trust in Coupang eroding amid fears of market share losses to competitors.

CIRO Data Breach Exposes Personal Information of 750,000 Individuals The Canadian Investment Regulatory Organization (CIRO) disclosed a data breach on August 18, 2025, revealing that hackers accessed the personal information of approximately 750,000 individuals in an August cyberattack. The breach stemmed from a sophisticated phishing incident, which led to temporary system shutdowns, though CIRO confirmed its critical regulatory functions remained unaffected. According to CIRO, the compromised data includes sensitive details such as annual income, dates of birth, government-issued ID numbers, phone numbers, investment account numbers, social insurance numbers, and account statements information collected during routine regulatory and compliance activities. The organization clarified that passwords, PINs, and security questions were not exposed, as CIRO does not store such data. While CIRO reported no evidence of data misuse or dark web exposure, it continues to monitor for malicious activity. Impacted individuals clients and former clients of CIRO dealer members are being notified and offered two years of free credit monitoring and identity theft protection services. An FAQ page has also been published to provide further details. CIRO, a pan-Canadian self-regulatory body overseeing investment and mutual fund dealers, stated that the incident is contained with no active threat remaining in its environment. The breach follows a series of recent cybersecurity incidents affecting financial and healthcare sectors globally.

Coupang's massive data breach is expected to have only a limited impact on the number of customers leaving the platform, due to the company's dominant position and differentiated services, analysts said Wednesday. The breach, which exposed the personal information of 33.7 million users, is the largest in Korean history. It reportedly occurred five months ago due to a former employee, but remained undetected until recently. Coupang shares dropped 5.36 percent on Monday (local time) following reports of the breach over the weekend. The stock, however, rebounded slightly on Tuesday, rising 0.23 percent to close at $26.71 in New York trading. Despite the negative headlines, Coupang's domestic rivals saw modest gains or remained largely unaffected. From Monday to Wednesday, Naver shares climbed 1.44 percent to 246,500 won ($167.85). Naver operates e-commerce platforms, including Naver Store and Naver Pay. Emart and Lotte Shopping also advanced 4 percent and 3.1 percent, respectively, while the benchmark KOSPI index added 2.96 percent. Coupang controlled 22.7 percent of Korea's e-commerce market by revenue last year, ahead of Naver at 20.7 percent, Gmarket and Auction at 8 percent, and SSG.com at 3 percent. Analysts say the company's flagship services — such as Rocket Delivery, a free next-day delivery service, and Coupang Play, a streaming platform — provide enough value to limit customers from leaving the platform. Even if some users do depart, rivals may see little benefit

SEOUL, Nov. 30 (Yonhap) -- Anxiety and frustration are mounting following a massive data breach at e-commerce giant Coupang that local observers noted Sunday may have been ongoing for months. On Saturday, the U.S.-listed company confirmed personal information belonging to 33.7 million customers -- nearly its entire user base -- had been compromised. The breached data includes names, phone numbers, email addresses and delivery addresses. The company said payment information, credit card numbers and login credentials were not affected. "Unauthorized access to delivery-related personal information for the affected accounts appears to have been made through overseas servers since June 24," the company said. This photo shows a distribution center of e-commerce giant Coupang in Seoul on Nov. 5, 2025. (Yonhap) The company first discovered the breach on Nov. 18 and notified authorities within two days. Coupang initially reported a leak affecting approximately 4,500 customers. Police launched an investigation after receiving a complaint Tuesday to determine how the breach occurred. As the scope of the breach proves far larger than the 4,500 accounts initially reported and extends back several months earlier than first believed, customers have expressed serious concerns about potential misuse of their compromised information. The incident surpasses SK Telecom's data leak in April, affecting 23.2 million users, which resulted in a record fine of 134.8 billion won. In addition,

South Korea Fines Coupang $460 Million for Massive Data Breach and Employee Data Misuse On June 12, 2026, South Korea’s Personal Information Protection Commission (PIPC) imposed a record fine of 624.7 billion won ($460 million) on e-commerce giant Coupang for a series of data protection violations, including a breach exposing the personal information of 37.55 million users. The fine stems from a 2025 incident in which a former employee exploited weak authentication controls to access and leak sensitive data. The investigation also revealed that Coupang’s Coupang Partners advertising business collected and stored browsing records from 11.17 million users across third-party websites and apps without consent. Additionally, the PIPC found that Coupang had failed to prevent "hijack advertising" a practice where users were forcibly redirected to Coupang’s platform without clicking ads despite being aware of the issue. The company was ordered to strengthen oversight of its advertising partners. Further violations involved Coupang Fulfillment Service (CFS), a subsidiary fined 248 million won for misusing employee data. CFS blacklisted 71 National Police Agency press corps journalists none of whom had worked at its logistics centers on an employment-restriction list. It also used employee weight data, collected for health management, in industrial accident litigation, violating privacy protections. In response, Coupang issued an apology, acknowledging public concern but expressing disappointment that its post-breach remediation efforts were not fully considered in the PIPC’s decision. The case highlights growing regulatory scrutiny over data security, consent violations, and corporate misuse of personal information in South Korea.

South Korea’s 2025 Data Breaches Expose Systemic Security Failures, Prompting Regulatory Overhaul 2025 marked one of South Korea’s most damaging years for data privacy, as a wave of high-profile breaches exposed critical vulnerabilities across major platforms. Household names—including e-commerce giant Coupang, mobile carriers, and financial institutions—fell victim to attacks, compromising the personal data of tens of millions of users and eroding consumer trust. The incidents revealed how even certified security systems could fail under pressure, undermining confidence in existing safeguards. In response, South Korean regulators are tightening oversight, with plans to impose stricter fines and reinforce the Information Security Management System Plus (ISMS-P) framework. The reforms aim to hold corporations accountable and prevent future breaches, though their effectiveness will be tested in 2026 as enforcement ramps up. The fallout from 2025 has already reshaped the country’s cybersecurity landscape, signaling a shift toward more aggressive regulatory action to address persistent gaps in corporate security practices.

E-commerce firm Coupang, South Korea's largest online retailer, has apologized for a data-breach affecting nearly 34 million of its customers. "We express regret over the recent incident," the company said. File Photo courtesy of Coupang Dec. 1 (UPI) -- Coupang, South Korea's largest online retailer described as the country's Amazon.com, has apologized for a data breach impacting nearly 34 million of its customers. The company, which operates its global headquarters from Seattle, Wash., confirmed the cyberattack in a letter Sunday and explained that the data breach compromised customers' names, email addresses, phone numbers, shipping addresses and some order histories. "We express regret over the recent incident ... we apologize for causing inconvenience and concern," Park Dae-jun, Coupang's chief executive officer wrote in the statement. Coupang said credit card numbers, login credentials, payment information and other more sensitive information were not affected. "Coupang will do its best to prevent further damage in close cooperation with the Ministry of Science and ICT, the Personal Information Protection Commission, the Korea Internet & Security Agency, the National Police Agency and other public-private joint investigation teams," the company said. "We are reviewing what changes we can make to the data security system, so we can better protect customer information." The company said while the breach was discovered in November, it started five months ago and is su

People Power Party: "Control Tower Failed Amid Repeated Security Breaches" DPK: "Previous Administration Failed to Address Root Causes, Security Gaps Accumulated" 사진 확대 Park Dae-jun, CEO of Coupang, answers questions from reporters after attending an emergency ministerial meeting on the Coupang data breach at Government Complex Seoul on the afternoon of the 30th. [Joint Press] Following a massive data breach at Coupang, the leading e-commerce company in Korea, which exposed the information of approximately 34 million users, the People Power Party and the Democratic Party of Korea (DPK) have engaged in a blame game, each pointing fingers at the other. Choi Bo-yoon, chief spokesperson for the People Power Party, stated in a commentary, "A catastrophic security incident has occurred, leaking personal information on a scale that effectively covers the entire nation. This is the result of both corporate negligence in security and the government's failure in oversight." He continued, "An even more serious issue is the government's response. Although intrusion attempts began in June, they were not detected until November. Under the Lee Jae-myung administration, major security incidents have occurred at KT and Lotte Card, yet the national cybersecurity control tower has essentially failed to function." Members of the People Power Party on the Science, ICT, Broadcasting, and Communications Committee of the National Assembly also released an emergency statement, emphasizing, "Info

When the news broke that over 33 million Coupang customers’ personal information was leaked, including names, addresses, phone numbers and their recent purchase histories — Kim Joo-young, 40, an office worker in Seoul, checked her phone immediately to change her passwords. “It felt like someone could somehow just take everything from me, including my deposits in bank and brokerage accounts without me knowing,” she said. “I thought voice phishing was something I only hear on the news, but the Coupang incident taught me this is no joke and that it could happen to anyone. And that anyone could very well be me.” On Saturday, a day after the leak was reported, she received a text claiming her “recent parcel could not be delivered.” Normally, she would have ignored it. But when the whole country is talking about leaked addresses and purchases, that message suddenly felt like a threat she couldn’t brush off. “I was extremely careful not to click on the link attached by mistake. In the past, I wouldn’t have thought twice about it, but at that moment, I was gripped by fear that I could be the next victim who would regret being careless later. I will pay extra caution when I go over messages from now on," Kim said. Similarly, Park Min-soo, 40, an office worker, said he received a phone call from someone claiming to be a Coupang courier serviceperson, telling him there was a “problem with a recent purchase.” He has not ordered anything recently, but he knew his wife did. The calle

The personal data of more than 33 million customers was leaked in a breach believed to have started on June 24 through overseas servers. South Korean police said Monday they are tracking IP addresses and examining potential security weaknesses at Coupang after the e-commerce giant experienced the country’s most significant data breach in more than ten years. Security Failure The personal data of more than 33 million customers was leaked in a breach believed to have started on June 24 through overseas servers, though the company did not learn of the problem until November 18. South Korea‘s Science Minister Bae Kyung-hoon said on Sunday that the perpetrator had “abused authentication vulnerabilities” in Coupang’s servers, adding that authorities would be investigating whether the company violated rules regarding the protection of personal information. Coupang, which is backed by Japan’s SoftBank Group, has said the breach exposed customers’ names, email addresses, phone numbers, shipping addresses and certain order histories, but not payment details or login credentials. Suspicion of China’s Involvement Broadcaster JTBC has reported that after conducting an internal investigation, Coupang suspects that a Chinese former employee, who was responsible for authentication tasks, was a key figure in the data breach. A former employee used their authentication key that was still active after the termination of the person’s contract to get access to customer information, lawmak

Regulatory push Coupang apologises over massive data breach Coupang, South Korea's largest e-commerce platform often dubbed the “Amazon.com of South Korea,” recently faced a massive data breach. The system of the company were illegally accessed causing a massive data breach and affecting the personal information of 33.7 million customer accounts. The breach was first detected by the company on November 18 but it believes the unauthorised access to customer accounts began on June 24 and was executed through overseas servers. Coupang says that the compromised information is limited to basic personal data and the highly sensitive financial details remain secure. Now, the South Korean Prime Minister Lee Nak-yon has called for stronger penalties against companies that fail to protect consumer data.As reported by Reuters, Lee emphasised that the companies must face tougher consequences when they fail to protect personal information. “We cannot allow negligence in data protection to go unpunished,” he said, urging lawmakers to strengthen penalties and enforcement measures.Along with this, Lee also stressed that protecting the trust of the consumer is of critical importance for South Korea’s digital economy, which heavily relies on e-commerce and online services.He also called for closer cooperation between government agencies and private firms to prevent future breaches.For the uninitiated, South Korea already has some strict data privacy laws under the Personal Informatio