Coupang Data Breach Impacts 33 Million Users, Government Disputes Company’s Claim
Updated (2 articles)
Scale of Leak Confirmed at Over 33 Million Users Science Minister Bae Kyung‑hoon told lawmakers that a joint government‑private investigation uncovered names, email addresses, and likely addresses and order details of more than 33 million Coupang customers [1][2]. The probe involves the Personal Information Protection Commission and police, illustrating coordinated regulatory response. Bae emphasized that the breach’s magnitude far exceeds earlier company statements.
Coupang’s 3,000‑Account Estimate Rejected by Authorities Coupang initially claimed forensic evidence limited the breach to about 3,000 accounts, citing a former employee’s confession and recovered equipment [1]. The minister publicly dismissed this figure, stating the government cannot accept the company’s assessment and that the leak appears far broader [2]. This disagreement highlights tension over public communication of the incident.
Suspect Accessed Servers, Possible Cloud Upload Bae explained that the suspect had direct access to Coupang’s servers and may have uploaded stolen data to an external cloud rather than storing it locally [1]. Ongoing laptop analysis seeks to determine the exact method of exfiltration. The possibility of cloud‑based transfer expands the scope of potential data exposure.
Compensation Offer of 50,000 Won Per User Draws Criticism Coupang announced a 1.685 trillion‑won compensation plan, paying 50,000 won to each affected user [1]. Consumer‑rights groups labeled the amount “marketing‑based” and insufficient given the breach’s scale. Interim CEO Harold Rogers faced parliamentary grilling, while founder Kim Bom‑suk was absent, underscoring corporate accountability concerns.
Sources (2 articles)
-
[1]
Yonhap: Science Minister Reaffirms Coupang Data Leak Affected 33 Million Customers – Highlights the joint investigation’s findings, disputes Coupang’s 3,000‑account claim, notes suspected cloud upload and a criticized compensation scheme; focuses on minister’s remarks and government stance .
-
[2]
Yonhap: Science Minister Reaffirms Coupang Data Leak Affected 33 Million Customers – Emphasizes that the leak likely includes additional personal data, stresses cross‑agency coordination, and reiterates criticism of Coupang’s uncoordinated announcement; provides a broader view of regulatory response .
Timeline
Dec 30 2025 (02:46 UTC) – Science Minister Bae Kyung‑hoon tells parliament that a joint government‑private probe confirms the names and email addresses of more than 33 million Coupang users have been leaked, and that addresses and order details are also believed to be exposed. He rejects Coupang’s claim that only about 3,000 accounts were affected, calling the company’s uncoordinated public announcement “grave concern” and warning that the breach is far larger than the firm suggested. The investigation is coordinated by the Personal Information Protection Commission and police, underscoring cross‑agency involvement. [2]
Dec 30 2025 (07:29 UTC) – Bae Kyung‑hoon expands on the probe, saying the suspect had server access and could have uploaded data to a cloud server rather than storing it locally, and that forensic analysis of the laptop is ongoing. He criticizes Coupang’s handling, stating the firm “acted with extremely malicious intent.” Interim CEO Harold Rogers appears before lawmakers, describing the 1.685 trillion‑won compensation plan (50,000 won per user) as “voluntary and unprecedented,” while consumer groups decry it as insufficient and marketing‑driven. [1]