Coupang reports data breach exposing personal data of almost 34 million customers

South Korean e-commerce company Coupang reports a data breach incident that exposed the personal information of approximately 4,500 customers after an incident on November 18, 2025. 

The investigation confirmed that attackers gained access to delivery-related personal information. Coupang blocked the access route used by the intruder and reported the incident to South Korean authorities, including the Ministry of Science and ICT, the Korea Internet & Security Agency, and the Personal Information Protection Commission.

The compromised data includes:

• Customer names
• Email addresses
• Saved delivery addresses with phone numbers
• Records of the five most recent orders placed by each affected customer

The nature of the attack is not disclosed. The company notified affected customers on November 20, 2025.

The company claims that as of the notification date, no instances of misuse of the accessed information had been identified. However, as a precautionary measure, Coupang advised customers to be careful oof texts and phone calls claiming to be from company officials, indicating concerns about potential follow-up phishing or social engineering attacks targeting the exposed customer base.

Update - as of 29th of November 2025, Coupang reports that 33.7 million customer accounts had personal information exposed in the incident, a massive jump from the originally reported 4,500 exposed accounts. The breach is suspected to involve a former Chinese employee who used an authentication key that remained active after their contract termination.

As of 9th of December 2025, South Korean police raided the headquarters of Coupang, searching for evidence related the data breach. Police said they were looking for evidence that could help them determine how the breach took place as well as the personal information of the hacker.

As of 25th of December, Coupang claims that all customer information leaked from the South Korean company has been deleted by the suspect. South Korea’s Science Ministry said that the incident is under investigation and that the allegations raised by Coupang have not been confirmed by the authorities.

As of 29th of December 2025, Coupang is launching a massive compensation program following a major data breach in South Korea. The company committed over $1 billion in vouchers to appease approximately 33.7 million customers whose personal information was stolen. 

As of February 5, 2026, Coupang confirmed that an additional 165,000 users were impacted by the incident.

As of 24th February 2026, Coupang reports that the incident also affected 200,000 Coupang Taiwan customers.