Coupang Confirms Former Employee Saved Data of 3,000 Customers, No External Leak
Updated (4 articles)
Former employee identified and confessed to data access Coupang announced that forensic analysis pinpointed a former employee who admitted to using stolen security keys to infiltrate its systems. The suspect accessed basic personal information from roughly 33 million accounts. Only about 3,000 of those accounts had their data actually saved before the employee deleted it. The confession and technical details were disclosed in a press release on Dec 25 2025. [1][2][3][4]
Recovered data limited to basic identifiers, no payment details The company recovered all personal information tied to the 3,000 customers, including names, emails, phone numbers and home addresses. It confirmed that no payment data, login credentials, or customs clearance numbers were accessed or exfiltrated. Internal investigators found no evidence that any of the information was transmitted to third parties. All stored copies were deleted after media reports surfaced. [1][2][3][4]
Coupang secured devices and upgraded security controls Coupang reported that it has secured the hard drive and other devices used to view the data. The firm implemented additional access‑control measures and continuous monitoring to prevent future misuse. An internal review concluded that the breach was isolated to the former employee’s actions. [1][3]
Government launches joint investigation, disputes company’s unilateral claim South Korean authorities formed a private‑public task force in late November to probe the incident affecting tens of millions of users. Officials said the joint probe’s findings have not been released, contradicting Coupang’s claim that the matter is resolved. The government’s estimate of affected accounts stands at about 33.7 million, slightly higher than the company’s 33 million figure. [1]
Presidential office convenes emergency meeting following disclosure Reports indicated that the presidential office scheduled an emergency meeting with relevant ministries after the data‑access story broke. The meeting aimed to coordinate a response and assess regulatory implications. [2]
Sources (4 articles)
-
[1]
Yonhap: Coupang says former employee saved data from only 3,000 customers, no external leak: Emphasizes unilateral company statement, mentions joint investigation and differing user counts; highlights government dispute.
-
[2]
Yonhap: Coupang says former employee saved data from about 3,000 customers; no external leak: Focuses on recovery of 3,000 customers’ data, details of stolen keys, and emergency presidential meeting.
-
[3]
Yonhap: Coupang says former employee saved data from only 3,000 customers, no external leak: Reiterates internal review findings, stresses lack of third‑party sharing, and outlines security enhancements.
-
[4]
Yonhap: Coupang says former employee saved data from about 3,000 customers; no external leak: Highlights identification of suspect, deletion of stored data after media coverage, and confirms no third‑party transmission.
Timeline
Dec 9, 2025 – A photo caption places Coupang’s Seoul headquarters on this date, underscoring the company’s central role as the data‑access incident unfolds. [3]
Nov 2025 – The South Korean government creates a private‑public joint investigation team to probe a massive data breach that may affect tens of millions of Coupang users, signaling high‑level state involvement. [1]
Dec 23, 2025 – The interagency task force holds its inaugural meeting, marking the first coordinated effort between government agencies and Coupang to investigate the breach. [1]
Dec 25, 2025 (06:57 UTC) – Coupang announces it has identified a former employee who used stolen security keys to access basic information from roughly 33 million accounts, but only about 3,000 customers’ data were actually saved; the company says all stored data have been deleted. [4]
Dec 25, 2025 (07:23 UTC) – In a detailed press release, Coupang states its internal review finds no evidence that any of the accessed data—names, email addresses, phone numbers, home addresses—were shared with third parties, and it secures all devices, including a hard drive, used in the incident. [3]
Dec 25, 2025 (07:43 UTC) – Coupang stresses that no payment information, login credentials, or customs clearance numbers were compromised, and it reports that the presidential office plans an emergency meeting with relevant officials to discuss the case. [2]
Dec 25, 2025 (09:00 UTC) – Coupang declares that all personal information tied to the roughly 3,000 affected customers has been recovered and permanently deleted, and it emphasizes there is no external leak; however, government officials dispute the company’s unilateral claim and note that the joint probe’s findings have not yet been released. [1]