Police Conduct Second‑Day Raid on Coupang Headquarters Over 33.7 Million Data Breach
Updated (4 articles)
Raid timeline and scope On December 9, 2025, Seoul Metropolitan Police Agency’s cyber investigation team raided Coupang’s Songpa headquarters, seizing internal documents related to the breach [2][3][4]. The operation continued the next day with a second‑day raid, again under a search warrant, to collect further evidence [1]. The warrant names a former employee, a Chinese national, as the primary suspect in breaching the network and leaking data [1][2].
Scale of compromised data Coupang disclosed that personal information of about 33.7 million customers was exposed, including names, phone numbers, email addresses and delivery details [1][2][3][4]. This figure represents more than half of South Korea’s ≈ 52 million population [1][2]. Earlier reports had underestimated the impact, initially citing only ≈ 4,500 affected accounts [3][4].
Investigation focus and digital leads Police have secured the IP address used in the intrusion and are using it to trace the leaker’s route and identify system vulnerabilities [1][3][4]. The investigation aims to map the full leak pathway, determine how the data was accessed, and assess any security lapses in Coupang’s customer‑information management [1][2]. No criminal use of the stolen data has been confirmed yet [3].
Background and prior disclosures The breach was first reported by Coupang on November 18, when it disclosed a breach affecting roughly 4,500 customers [3][4]. Following that, the police began a preliminary inquiry based on voluntarily submitted records from the company [4]. The recent raids represent an escalation from the earlier voluntary‑submission phase to a full‑scale evidence‑seizure operation [2].
Sources (4 articles)
-
[1]
Yonhap: Police raid Coupang headquarters for 2nd day over massive data breach – Highlights the December 10 second‑day raid, the suspect’s nationality, and the ongoing effort to seize evidence .
-
[2]
Yonhap: Police raid Coupang HQ in Seoul over data breach affecting 34 million – Details the initial December 9 raid, the 34 million‑person impact, and police plans to trace the leaker and breach route .
-
[3]
Yonhap: Police raid Coupang over massive data breach – Emphasizes the scope of the breach (33.7 million), the secured IP address, and notes no arrests or criminal use identified yet .
-
[4]
Yonhap: Police raid Coupang HQ to seize evidence in data breach investigation – Focuses on the investigative goals, prior voluntary data submission, and the use of the IP address as a lead .
Timeline
Nov 18, 2025 – Coupang publicly reports a data breach that initially exposes the personal details of about 4,500 customers, prompting the Seoul Metropolitan Police Agency (SMPA) to begin a voluntary‑submission investigation into the company’s security practices[3].
Dec 8, 2025 – The SMPA’s cyber investigation team raids Coupang’s Songpa headquarters in southern Seoul, seizing digital evidence to map the breach’s route, identify the leaker, and assess vulnerabilities after the firm discloses that 33.7 million customers’ names, phone numbers, email addresses and delivery details have been compromised[4].
Dec 9, 2025 – Police conduct a second, coordinated raid on Coupang’s headquarters, executing a search warrant that names a Chinese national, a former Coupang employee, as a suspect accused of breaching the information‑communications network and leaking the data; investigators also secure the IP address used in the intrusion and aim to trace the leak’s origin[2][1].
Dec 10, 2025 – A follow‑up raid returns to Coupang’s Songpa site to collect additional evidence, with officers focusing on potential flaws in the company’s customer‑information management system and continuing to track the suspect identified in the warrant[1].