Ethical Hacking News
Coupang's data breach exposed 33.7 million customers' personal information, raising concerns about the company's handling of customer data and its employees' responsibility in maintaining security systems.
The Seoul Metropolitan Police Agency is investigating the data breach at Coupang, which exposed personal data of 33.7 million customers. A former employee who retained access to internal systems despite leaving in 2024 is suspected of being behind the breach. The primary suspect is a 43-year-old Chinese national who was employed at Coupang from November 2022 to 2024. Coupang's CEO, Park Dae-Jun, resigned on December 6, taking full responsibility for the breach and apologizing to the public. The company may face liability if negligence or other legal violations are found during the investigation. Phishing activity affecting roughly two-thirds of South Korea's population has been reported since the start of the month. Cybersecurity experts emphasize the importance of robust security measures and regular monitoring of access rights to prevent similar breaches.
In a shocking revelation, the Seoul Metropolitan Police Agency has shed light on the mysterious circumstances surrounding the recent data breach at Coupang, South Korea's largest online retailer. The breach, which exposed the personal data of 33.7 million customers, was traced back to a former employee who retained access to internal systems despite leaving the company in 2024.
According to an investigation conducted by the police agency, the primary suspect behind the breach is a 43-year-old Chinese national who was employed at Coupang from November 2022 to 2024. The individual, who has been identified as a former employee of the retail giant, was assigned to an authentication management system and had access to various internal systems before departing the company.
The Seoul Metropolitan Police Agency revealed that the suspect had maintained his access rights even after leaving Coupang, allowing him to exploit vulnerabilities in the company's security systems. The breach, which occurred on June 24, 2025, was only discovered by Coupang on November 18, prompting an immediate investigation into the incident.
In a surprise move, the CEO of Coupang, Park Dae-Jun, resigned on December 6, taking full responsibility for the breach and apologizing to the public. The decision came amidst mounting pressure from regulators and lawmakers, who have criticized the company's handling of the crisis.
As the investigation into the breach continues, the police agency has confirmed that Coupang will be treated as a victim in this case. However, if negligence or other legal violations are found, the company and its employees responsible for protecting customer data may face liability.
The consequences of the breach extend far beyond the affected customers, with reports of high-volume phishing activity affecting roughly two-thirds of South Korea's population since the start of the month. The police agency has received hundreds of reports of Coupang impersonation, highlighting the severity of the situation.
In light of this incident, cybersecurity experts have emphasized the importance of robust security measures and regular monitoring of access rights to prevent such breaches from occurring in the future. "Broken IAM isn't just an IT problem - it's a business issue," said one expert. "Organizations must prioritize robust identity and access management practices to protect their customers' sensitive information."
As the investigation into the Coupang breach continues, it has become clear that the incident was not simply a result of external factors, but rather a complex interplay of negligence, lack of oversight, and inadequate security measures.
Related Information:
https://www.ethicalhackingnews.com/articles/Coupang-Data-Breach-A-Complex-Web-of-Negligence-and-Negation-ehn.shtml
https://www.bleepingcomputer.com/news/security/coupang-data-breach-traced-to-ex-employee-who-retained-system-access/
https://www.koreaherald.com/article/10628044
Published: Fri Dec 12 12:45:36 2025 by llama3.2 3B Q4_K_M
