South Korea’s largest e-commerce platform is facing intense scrutiny after authorities launched a criminal investigation into a massive Coupang data breach. It exposed personal information belonging to tens of millions of users. The case has quickly escalated into one of the most significant cybersecurity incidents in the country’s history. Thus, raising serious questions about access controls, breach detection, and corporate accountability.
Breach Affected Nearly 34 Million Users
Coupang confirmed that the breach affected approximately 33.7 million customer accounts, representing a substantial portion of South Korea’s population. The exposed data includes names, email addresses, phone numbers, and delivery information. The company said payment details and passwords were not compromised. However, the scale of the exposure has heightened concerns about identity theft, phishing, and targeted fraud.
Investigators believe the data was accessed over an extended period, beginning in late June and continuing undetected for several months. The breach was only identified in November, a delay that has become a central focus of the investigation.
Police Raid Coupang Headquarters
South Korean police have formally opened a criminal probe and conducted a raid on Coupang’s headquarters in Seoul. Authorities seized internal systems, security logs, and digital devices as part of efforts to reconstruct how the breach occurred and whether negligence or regulatory violations played a role.
Law enforcement officials are reviewing server access records and key management systems to determine how sensitive customer data was accessed and exfiltrated without triggering internal alarms. The length of time the intrusion went unnoticed has raised concerns about Coupang’s monitoring and incident response capabilities.
Former Employee Identified as Suspect
According to investigators, the breach may be linked to a former Coupang employee who allegedly retained system access after leaving the company. Police are examining whether inactive credentials or authentication keys remained valid and were used to gain unauthorized access to customer databases.
The case has reinforced long-standing warnings from cybersecurity experts about insider threats and inadequate offboarding procedures. Investigators are continuing digital forensic analysis to establish responsibility and determine whether additional parties were involved.
Corporate Fallout and Leadership Resignation
The breach has already had major consequences for Coupang’s leadership. CEO Park Dae-jun resigned following public backlash and mounting pressure from regulators. Government officials have openly criticized the company’s delayed detection of the incident and its handling of sensitive customer data.
South Korean authorities have signaled that penalties could follow if investigators find violations of data protection laws. The incident has also sparked discussions about strengthening corporate cybersecurity obligations and increasing fines for large-scale data leaks.
Broader Implications for Data Protection
The Coupang data breach is being viewed as a turning point for South Korea’s digital economy. With online platforms holding vast amounts of personal information, the case highlights how insider access, weak credential controls, and slow detection can amplify the impact of a single security failure.
As the investigation continues, regulators are expected to examine whether existing safeguards are sufficient for companies operating at Coupang’s scale. The outcome may shape future enforcement standards and influence how organizations manage employee access and breach monitoring.
Final Thoughts
The ongoing police investigation into the Coupang data breach underscores the growing risks facing major digital platforms handling sensitive customer data. With millions of users affected and senior leadership already facing consequences, the case serves as a stark reminder that delayed detection and poor access management can carry severe legal and reputational costs. Authorities are expected to release further findings as forensic analysis continues.
