Coupang Breach Sparks Probe And $1.18B Payback
Breach Went Undetected For Months
SEOUL, Dec 30, 2025
Coupang said it will spend 1.69 trillion won ($1.18 billion) to compensate users after a data breach that it said affected 33.7 million customer accounts in South Korea, as authorities continue to investigate the scope of the incident and whether the company’s claims about deletion and non-distribution can be verified.
The company said affected users will receive 50,000 won vouchers usable on Coupang services, a plan that drew criticism from lawmakers and consumer groups who said vouchers resemble a marketing measure rather than direct compensation for potential harm.
Coupang has said unauthorized access began on June 24, 2025 and was detected on Nov 18, according to reporting that cited the company’s account. The timeline raised questions in South Korea about monitoring and internal controls after the breach became public in early December.
What Data Was Exposed, And What Coupang Said Stayed Safe
Coupang said personal customer information was accessed, while it maintained that payment information and login credentials were not compromised. It also said customs clearance identifiers were not included.
Separate reporting said exposed data included 2,609 building access codes, a detail that prompted concerns about physical security risks tied to delivery addresses and access procedures.
Former Employee Identified, While Scope Remained Disputed
Coupang said a former employee was responsible for the breach and that forensic work helped identify the suspect. Reuters reported investigators found data for about 3,000 customers stored on the suspect’s personal computer, even as Coupang described the breach as affecting 33.7 million accounts. Coupang said the data was deleted and not distributed to third parties.
South Korea’s Ministry of Science and ICT said the joint public-private investigation remained ongoing and that it had not confirmed Coupang’s claims, while criticizing the company for releasing conclusions before authorities had completed their work.
Laptop Thrown Into River Became A Key Detail
The investigation drew public attention after local outlets reported that the suspect said he destroyed the laptop used in the breach, placed it in a Coupang eco-bag weighted with bricks, and threw a bag into a river or stream. Divers later recovered the device after the suspect disclosed its location, according to multiple reports.
BusinessKorea reported that identifying information from the recovered device matched the suspect’s iCloud registration, which investigators cited as supporting attribution.
Police Raids And Political Fallout
Authorities raided Coupang offices as part of the investigation, according to business press reporting in South Korea, and lawmakers pressed the company on delayed detection and safeguards against insider or former-employee access.
Coupang founder and chairman Bom Kim apologized publicly on Dec 28, Reuters reported, as criticism grew over his absence from parliamentary hearings tied to the breach.
Compensation Plan Draws Criticism Over Voucher Format
Coupang announced its 1.69 trillion won compensation plan on Dec 29, which Reuters described as 50,000 won vouchers per affected user, totaling about $1.18 billion.
Critics argued vouchers usable only on Coupang services blur the line between compensation and customer retention, Reuters reported.
What Remains Unresolved
Authorities have not publicly confirmed whether the incident was limited to the records stored on the suspect’s devices or whether broader extraction occurred. The government has also not verified Coupang’s position that leaked customer information was deleted and not shared, Reuters reported.
This report was produced with AI assistance, using web research from the sources listed below.
Sources
- Reuters — Coupang Says All Leaked Customer Information Has Been Deleted (Dec 25, 2025)
https://www.reuters.com/sustainability/boards-policy-regulation/coupang-says-all-leaked-customer-information-has-been-deleted-2025-12-25/ - Reuters — Coupang Announces $1.18 Billion Compensation to South Korea Users for Data Leak (Dec 29, 2025)
https://www.reuters.com/world/asia-pacific/coupang-announces-118-billion-compensation-south-korea-users-data-leak-2025-12-29/ - BusinessKorea — Coupang Uncovers Data Breach Culprit, Confirms Minimal Impact (Dec 25, 2025)
https://www.businesskorea.co.kr/news/articleView.html?idxno=259660 - Chosun Ilbo (English) — Coupang Recovers Devices, Confirms No External Leak (Dec 25, 2025)
https://www.chosun.com/english/industry-en/2025/12/25/KQK4652CFVGH7MX5WRGMOJQURQ/ - Chosun Biz (English) — Coupang Submits Suspect Statement and Laptop as Police Analyze Korea’s Largest Data Leak (Dec 25, 2025)
https://biz.chosun.com/en/en-society/2025/2/25/MYVD4AEE2NHJFEA32FPBB462UI/ - The Korea JoongAng Daily — Coupang Claims Source of Data Leak Has Been Identified (Dec 25, 2025)
https://koreajoongangdaily.joins.com/news/2025-12-25/business/industry/Coupang-says-source-of-data-leak-has-been-identified/2486543 - The Korea Times — Coupang’s Internal Probe Into Data Breach Draws Renewed Bipartisan Backlash (Dec 26, 2025)
https://www.koreatimes.co.kr/business/companies/20251226/coupangs-internal-probe-into-data-breach-draws-renewed-bipartisan-backlash - Channel News Asia — South Korea Police Raid E-Commerce Giant Coupang Over Data Leak (Dec 9, 2025)
https://www.channelnewsasia.com/east-asia/south-korea-coupang-police-raid-e-commerce-data-leak-5569411 - The Register — South Korea’s Coupang Admits Breach Exposed 33.7M Users (Dec 1, 2025)
https://www.theregister.com/2025/12/01/coupang_breach/ - South China Morning Post (AFP) — South Korea’s Coupang Took 5 Months to Spot Data Leak Affecting Over 33 Million People (Dec 2, 2025)
https://www.scmp.com/news/asia/east-asia/article/3334890/south-koreas-coupang-took-5-months-spot-data-leak-affecting-over-33-million-peopleBarron’s — Coupang Stock Surges. A Data Breach Wasn’t as Bad as Feared. (Dec 26, 2025)
https://www.barrons.com/articles/coupang-stock-data-breach-0b0b51f0
Get In Touch
