Ex-Chinese Worker ‘Key’ to Korea’s Worst Data Breach in Decade

December 1, 2025

The personal data of 33.7 million customers was leaked in a months-long breach at South Korea’s e-commerce giant Coupang. Users’ names, emails, phone numbers and other details were exposed


Coupang CEO Park Dae-jun makes a public apology over the breach of personal information from 33.7 million customer accounts through unauthorised data access, at the Government Complex in Seoul, South Korea. Photo: Yonhap via Reuters

 

Police in South Korea are investigating one of the country’s worst data breaches in a decade at its largest e-commerce platform, and their key suspect could be a former Chinese employee who worked at the company.

The personal data of 33.7 million customers was leaked in the months-long breach at the country’s e-commerce giant Coupang, which said exposed information included users’ names, email addresses, phone numbers, shipping addresses and certain order histories. Payment details or login credentials were not exposed, it said.

Coupang has previously said it has 34 million monthly active users, meaning the breach exposed records of almost its entire user base, The Korea Herald reported. That would make this leak one of the largest e-commerce data breaches in Korean history, it added.

 

The company said the leak began on June 24 through overseas servers. It did not learn of the problem until November 18, at which time it believed the breach was limited to 4,500 user records.

On Saturday, the company notified authorities of the much bigger scope of the breach.

South Korean police said on Monday they were tracing IP addresses and looking into possible tech vulnerabilities at Coupang.

Broadcaster JTBC has reported that after conducting an internal investigation, Coupang suspects that a Chinese former employee, who was responsible for authentication tasks, was a key figure in the data breach.

A former employee used their authentication key that was still active after the termination of the person’s contract to get access to customer information, lawmaker Choi Min-hee said in a statement on Monday.

Police and Coupang declined to comment on possible suspects.

 

Class-action lawsuit

South Korea’s Science Minister Bae Kyung-hoon said on Sunday the perpetrator had “abused authentication vulnerabilities” in Coupang’s servers.

Authorities would be investigating whether the company violated rules regarding the protection of personal information.

New York-listed shares of Coupang, which is backed by Japan’s SoftBank Group, were down around 9% in pre-market trading.

Coupang, founded by Korean-American Harvard graduate Bom Kim in 2010, is South Korea’s most popular e-commerce platform.

It has overtaken family-owned conglomerates like Shinsegae in South Korean e-commerce and is also expanding into food delivery, streaming and fintech.

As of Monday afternoon, internet postings showed that more than 10,000 people planned to join a possible class action lawsuit against Coupang.

Lawyer Ha Hee-bong said the potential class action could seek compensation of more than 100,000 won ($68) per person.

Kang Hoon-sik, South Korean presidential chief of staff, on Monday said four major data leak incidents since 2021 showed “structural loopholes” in personal information protection in South Korea.

In August, the country’s largest mobile carrier SK Telecom was fined about 134 billion won ($96.53 million) after a cyberattack this year caused the leak of data for nearly 27 million users.

Kang also said the latest incident involving Coupang should be an opportunity to improve the punitive damage system, which he said was not enforced in a way that would prevent massive data compromise.

 

  • Reuters, with additional editing and inputs from Vishakha Saxena

 

Vishakha Saxena

Vishakha Saxena is the Multimedia and Social Media Editor at Asia Financial. She has worked as a digital journalist since 2013, and is an experienced writer and multimedia producer. As a trader and investor, she is keenly interested in new economy, emerging markets and the intersections of finance and society. You can write to her at [email protected]

