South Korea’s Amazon equivalent Coupang Confirms Major Data Breach Affecting Nearly 34 Million Accounts

South Korean e-commerce giant Coupang has confirmed a massive data breach that may have exposed personal details from almost 34 million customer accounts, prompting a national investigation and renewed scrutiny of corporate data security practices.

The Korea Internet & Security Agency (KISA) said it is examining the incident, describing the breach as one of the country’s most significant in recent years. Coupang, often likened to the South Korean equivalent of Amazon, disclosed that it first detected unauthorised access on 18 November involving about 4,500 accounts. Further internal checks, however, revealed that up to 33.7 million accounts—all belonging to customers in South Korea—were likely compromised.

The company believes the unauthorised access may have begun as early as June through a server located overseas. Data believed to be exposed includes names, email addresses, phone numbers, shipping addresses and portions of order histories. Coupang stressed that no credit card details or login credentials were accessed and said these remain securely protected.

The scale of the breach is staggering in a country of 52 million people. Coupang, which recently reported close to 25 million active users, apologised to customers and urged them to watch out for phishing attempts or scams impersonating the company. It has not identified the individuals behind the breach.

Local media have reported that authorities are looking into a former Coupang employee from China as a possible suspect, although investigations are still ongoing. South Korea’s Ministry of Science and ICT said the national Personal Information Protection Commission will review whether Coupang failed to uphold required data-protection standards.

“If violations of safety obligations are confirmed, strict sanctions will follow,” the ministry said.

The incident has drawn strong criticism from national media. Editorials in major outlets, including the Chosun Ilbo and Dong-A Ilbo, condemned the breach as “preposterous” and potentially “the worst personal data leak” in the nation’s history, questioning how such a large-scale intrusion went undetected for months.

Coupang has previously reported multiple cyber-security issues, including a breach that exposed information from 460,000 customers. Its latest incident adds to a growing list of high-profile attacks on major South Korean firms this year, despite the country’s reputation for robust data-privacy regulations.

Earlier this year, SK Telecom was fined nearly $100 million for a breach that affected more than 20 million subscribers, while Lotte Card disclosed a cyber-attack that exposed data from nearly three million customers.

South Korean authorities are continuing investigations as customers await further updates from Coupang.