Key Points
- E-commerce giant Coupang suffered a data breach affecting 33 million customers in South Korea.
- The hack began in June but went undetected by the company for nearly five months until November.
- A former employee is suspected of using an old, active authentication key to steal the data.
- Thousands of angry customers are organizing a class-action lawsuit against the company.
South Korea’s e-commerce leader, Coupang, is now under investigation after suffering the country’s worst data breach in more than a decade. The personal information of over 33 million customers was stolen, causing the company’s stock to slide and sparking outrage among its users.
The massive breach is believed to have started on June 24, but the company shockingly didn’t learn about the problem until November 18. According to South Korea’s Science Minister, the hackers “abused authentication vulnerabilities” in Coupang’s servers to gain access.
The stolen data includes customer names, emails, phone numbers, and shipping addresses, though the company insists that payment details and passwords were not compromised.
Suspicion is now falling on a former employee. News reports suggest that Coupang believes a former Chinese employee, who handled authentication tasks, may be a key figure in the breach. One lawmaker stated that a former employee used an active authentication key after their contract was terminated, allowing them to access customer information. Both the police and Coupang have refused to comment on potential suspects.
The public reaction has been swift and angry. Internet posts show that over 10,000 people are already planning to join a class-action lawsuit against the company. A lawyer involved said they could seek over $68 in compensation per affected person.
The incident has also drawn criticism from the government, with a top official pointing to “structural loopholes” in the nation’s data protection laws and calling for stronger penalties to prevent future breaches.
