Coupang breach exposes data of over 33 million users

South Korean e‑commerce giant Coupang has disclosed a massive data breach that exposed personal information from approximately 33.7 million customer accounts, making it one of the largest cyber incidents in the country’s history.
​The exposed data includes names, email addresses, phone numbers, postal or shipping addresses, and order histories, with some reports noting leak of delivery entrance codes, raising concerns about both digital and physical security risks for customers. Coupang has stated that payment card data, bank information, and account passwords were not accessed, which may limit direct financial fraud but still leaves users vulnerable to targeted phishing and social‑engineering attacks. Investigators are examining indications that a former employee abused long‑valid cryptographic keys or tokens linked to Coupang’s authentication systems, allowing creation of fraudulent access tokens that bypassed normal security controls from abroad. South Korean regulators and police have launched a joint investigation, and the incident has triggered intense public backlash, potential regulatory sanctions, and growing legal action against the company and its leadership.