Personal Information of 33.7 Million Stolen From Coupang

US-listed ecommerce giant Coupang (NYSE: CPNG), one of South Korea’s largest online retailers, has disclosed a five-month-long data breach involving the personal information of 33.7 million customers in Korea.

The incident, the company says, came to light on November 18, when it “became aware of unauthorized personal data access” to roughly 4,500 customer accounts.

“Subsequent investigation has revealed that the extent of customer account exposure is about 33.7 million accounts, all in Korea,” a Coupang spokesperson told SecurityWeek.

The company has revealed that a threat actor gained access to customers’ personal information on June 24, 2025, “via overseas servers”.

Coupang says it immediately blocked the unauthorized access, improved internal monitoring, and notified the relevant authorities in Korea, including the Ministry of Science and ICT, the Personal Information Protection Commission, the Korea Internet Security Agency, and the National Police Agency.

During the five-month window, the threat actors ...