Police in South Korea are investigating one of the country’s worst data breaches in a decade at its largest e-commerce platform, and their key suspect could be a former Chinese employee who worked at the company.
The personal data of 33.7 million customers was leaked in the months-long breach at the country’s e-commerce giant Coupang, which said exposed information included users’ names, email addresses, phone numbers, shipping addresses and certain order histories. Payment details or login credentials were not exposed, it said.
Coupang has previously said it has 34 million monthly active users, meaning the breach exposed records of almost its entire user base, The Korea Herald reported. That would make this leak one of the largest e-commerce data breaches in Korean history, it added.
Also on AF: Toll From Floods, Cyclones in Sri Lanka, Southeast Asia Tops 1,300
The company said the leak began on June 24 through overseas servers. It did not learn of the problem until November 18, at which time it believed the breach was limited to 4,500 user records.
On Saturday, the company notified authorities of the much bigger scope of the breach.
South Korean police said on Monday they were tracing IP addresses and looking into possible tech vulnerabilities at Coupang.
Broadcaster JTBC has reported that after conducting an internal investigation, Coupang suspects that a Chinese former employee, who was responsible for authentication tasks, was a key figure in the data breach.
A former employee used their authentication key that was still active after the termination of the person’s contract to get access to customer information, lawmaker Choi Min-hee said in a statement on Monday.
Police and Coupang declined to comment on possible suspects.
Class-action lawsuit
South Korea’s Science Minister Bae Kyung-hoon said on Sunday the perpetrator had “abused authentication vulnerabilities” in Coupang’s servers.
Authorities would be investigating whether the company violated rules regarding the protection of personal information.
New York-listed shares of Coupang, which is backed by Japan’s SoftBank Group, were down around 9% in pre-market trading.
Coupang, founded by Korean-American Harvard graduate Bom Kim in 2010, is South Korea’s most popular e-commerce platform.
It has overtaken family-owned conglomerates like Shinsegae in South Korean e-commerce and is also expanding into food delivery, streaming and fintech.
As of Monday afternoon, internet postings showed that more than 10,000 people planned to join a possible class action lawsuit against Coupang.
Lawyer Ha Hee-bong said the potential class action could seek compensation of more than 100,000 won ($68) per person.
Kang Hoon-sik, South Korean presidential chief of staff, on Monday said four major data leak incidents since 2021 showed “structural loopholes” in personal information protection in South Korea.
In August, the country’s largest mobile carrier SK Telecom was fined about 134 billion won ($96.53 million) after a cyberattack this year caused the leak of data for nearly 27 million users.
Kang also said the latest incident involving Coupang should be an opportunity to improve the punitive damage system, which he said was not enforced in a way that would prevent massive data compromise.
- Reuters, with additional editing and inputs from Vishakha Saxena
Also read:
Samsung, SK Hynix Building ‘Stargate Korea’ Using Open AI
China’s Sanctions on Hanwha Target US-Korean Shipbuilding Plan
Cybercrime Epidemic Casts Shadow on ASEAN as Summit Looms
North Korean Phone Appears to Monitor User’s Activity – BBC
North Korea Using AI to Boost Surveillance, Study Claims
North Korea Hackers Share Networks With SE Asia Crime Gangs
US Seizes Website Domains Used by North Korean IT Workers
North Korea Declares Itself a Nuclear State, Vows More Missiles
North Korea Leader Kim Orders War Preparations, Sacks General
Kim Jong Un in Russia ‘For Talks on Arms, Tech and Food’
