An information breach at Coupang that uncovered the knowledge of 33.7 million prospects has been tied to a former worker who retained entry to inner programs after leaving the corporate.
This was shared by the Seoul Metropolitan Police Company with native information retailers, following an investigation that included a raid on the agency’s workplaces earlier this week.
Coupang is South Korea’s largest on-line retailer, using 95,000 folks and producing annual income of over $30 billion.
On December 1, 2025, the corporate introduced that it had suffered a knowledge breach that uncovered the non-public information of 33.7 million prospects, together with names, e-mail addresses, bodily addresses, and order data.
The breach occurred on June 24, 2025, however Coupang solely found it on November 18, when it additionally launched an inner investigation.
On December 6, Coupang revealed an replace on the incident, assuring its prospects that the stolen data had not been leaked wherever on-line.
Regardless of these assurances and the corporate’s claimed full collaboration with the authorities, the police raided the corporate’s workplaces on Tuesday to gather proof for an impartial investigation.
On Wednesday, the corporate’s CEO, Park Dae-Jun, introduced his resignation and apologized to the general public for failing to cease what’s the nation’s worst cybersecurity breach in historical past.
Because the police continued their investigations in Coupang’s workplaces for a second day, they uncovered that the first suspect was a 43-year-old Chinese language nationwide who was a former worker of the retail large.
In accordance with JoongAng, the person, who joined Coupang in November 2022, was assigned to an authentication administration system and left the agency in 2024. He’s believed to have already left the nation.
The Korean information outlet stories that the police had been nonetheless at Coupang’s workplaces yesterday, gathering data reminiscent of inner paperwork, logs, system data, IP addresses, consumer credentials, and entry histories that might assist clarify how the rogue former worker gained entry to the company programs.
Supply: Korea JoungAng Every day
The police have said that, whereas Coupang is handled because the sufferer, if negligence or different authorized violations are discovered, the corporate and workers accountable for defending buyer information could also be deemed liable.
Within the meantime, the incident has sparked high-volume phishing exercise within the nation, affecting roughly two-thirds of its inhabitants, and the police have acquired tons of of stories of Coupang impersonation for the reason that begin of the month.
Damaged IAM is not simply an IT drawback – the impression ripples throughout your complete enterprise.
This sensible information covers why conventional IAM practices fail to maintain up with fashionable calls for, examples of what “good” IAM seems to be like, and a easy guidelines for constructing a scalable technique.
