Korean company Coupang says the data breach exposed the personal information of about 34 million customers

South Korean e-commerce platform Coupang said over the weekend that the personal information of nearly 34 million Korean customers had been leaked in a data breach that has been ongoing for more than five months.

The company said it first discovered the unauthorized exposure of 4,500 user accounts on November 18, but subsequent investigation revealed that the hack had actually affected about 33.7 million customer accounts in South Korea.

The breach affected customer names, email addresses, phone numbers, shipping addresses and the history of certain orders, according to Coupang. The company said that more sensitive data such as payment information, credit card numbers and login credentials were not compromised and remain secure.

Coupang said it reported the incident to the Korea Internet Security Agency (KISA), the Personal Information Protection Commission (PIPC), and the National Police Agency.

Coupang is one of the largest e-commerce platforms in South Korea, and also offers an express commerce service called “Rocket Delivery” in the country, and also operates its own marketplace in Japan and Taiwan. A Coupang spokesperson told TechCrunch that the investigation found no evidence that consumer data from Coupang Taiwan or Rocket Now was affected in the data breach.

“According to the investigation to date, unauthorized access to personal information is believed to have begun on June 24, 2025, via external servers,” the company said. “Coupang has blocked the unauthorized access route, strengthened internal monitoring, and hired experts from a leading independent security firm.”

The police have It is said It identified at least one suspect, a former Chinese Coupang employee currently abroad, after launching an investigation following a November 18 complaint.

This is the latest in A series of cybersecurity incidents in South Korea this year. Coupang itself has experienced several data breaches that have occurred exposed client and Delivery drivers information In previous years. Past incidents included leaks between 2020 and 2021, most recently in December 2023when its vendor management system compromised the personal information of more than 22,000 customers.