Coupang hit by major data breach in South Korea

South Korea's largest e-commerce platform, Coupang, has confirmed a massive data breach, marking one of the most significant cybersecurity incidents in the country in 2025. The company revealed that sensitive information belonging to customers and employees may have been accessed in what investigators describe as a “highly sophisticated intrusion.” 

How the breach occurred

According to preliminary reports, unauthorized access was detected in Coupang’s internal systems, prompting an immediate shutdown of affected servers. Security teams discovered anomalies suggesting that hackers had infiltrated parts of the company’s customer-management infrastructure. Investigators are still assessing whether payment-related data was compromised. 

Early findings indicate that the attackers exploited vulnerabilities in third-party service integrations — a method increasingly used against global e-commerce platforms.

What data may be exposed

Coupang stated that the compromised datasets may include:

• Customer profiles
• Order history
• Contact information
• Employee identification records

While the company has not confirmed exposure of financial data, authorities have warned users to monitor accounts for suspicious activity.

Government response & investigation

South Korea’s Personal Information Protection Commission (PIPC) has launched a formal inquiry, calling it one of the largest corporate data-security failures of the year. Regulators have demanded detailed timelines, forensic reports, and proof of compliance with mandatory cybersecurity standards. 

The Commission may impose significant financial penalties if negligence is found, especially given Coupang’s critical role in South Korea’s digital economy.

Impact on consumers and businesses

The breach has raised broad concerns about data security within Asia’s rapidly expanding e-commerce sector. With Coupang processing millions of transactions daily, any prolonged disruption or loss of trust could affect both its market position and the wider consumer landscape.

Cybersecurity analysts warn that the breach may trigger copycat attacks against other platforms using similar third-party integrations, pushing companies to accelerate adoption of zero-trust frameworks.