Coupang Faces Government Scrutiny Over Recent Cybersecurity Incident

South Korean Police have raided the headquarters of Coupang, launching a broader probe into the data security incident the company recently revealed and seeking further evidence to determine the scope and impact of the breach.

 

Coupang, South Korea’s leading e-commerce platform, recently experienced a major data breach that exposed sensitive personal information of approximately 33.7 million users—nearly two-thirds of the country’s population. The breach, which began on June 24 and was detected on November 18, compromised names, email addresses, phone numbers, shipping addresses, and some order histories. Importantly, no credit card information or login credentials were accessed.

 

The incident was allegedly perpetrated by a former Coupang developer involved in the company’s authentication system, who is believed to be located in China. The attacker reportedly sent an email threatening to disclose the data unless security improvements were made.

 

The breach went undetected for about five months, leading to significant public outrage and regulatory scrutiny. Coupang’s CEO, Park Dae-jun, resigned in response to the fallout, and Harold Rogers, chief administrative officer of Coupang’s U.S.-based parent group, was named interim CEO.

 

Recently, South Korean media reported that police carried out a search at the headquarters of e-commerce giant to secure evidence related to the massive data breach. The Seoul Metropolitan Police Agency’s cyber investigation team dispatched officers to Coupang’s southern Seoul headquarters to gather evidence that could clarify how the breach occurred.

 

Police had initially investigated the case using data that Coupang voluntarily provided. Authorities added they are pursuing the suspect behind the breach after obtaining the Internet Protocol address used in the incident.

 

“Based on the secured digital evidence, (we) plan to comprehensively determine the overall facts of the case, such as the leaker of the personal information as well as the route and cause of the leak,” a police official said.

 

Following the breach, Coupang publicly apologised and said it will strengthen its cyber security measures to prevent similar incidents. The incident also impacted the company’s U.S.-listed shares, which declined by more than 4% since the breach became public.