Coupang Breach Affecting 33.7 Million Users Raises Data Protection...

Coupang, South Korea's leading e-commerce platform, recently disclosed a data breach affecting 33.7 million customer accounts, equivalent to nearly two-thirds of the Korean population.

This represents the largest e-commerce security incident in South Korea's history and could result in fines of up to $900 million (approximately 1.2 trillion KRW).

This breach exposed vulnerabilities in data protection systems, particularly for e-commerce platforms that handle sensitive data including transaction histories, delivery addresses, and payment methods.

The scale of the incident has raised concerns among customers and industry observers.

On November 29, Coupang confirmed the unauthorized exposure of user names, phone numbers, email addresses, delivery address books, and purchase details.

While the company detected unusual access on November 6 at 6:38 PM KST, it did not fully identify the breach until November 18 at 10:52 PM, more than 12 days later.

Investigations revealed that attackers had accessed customer data via overseas servers for nearly five months, from June 24 to November 8.

A former Coupang employee has been identified as a prime suspect. The individual had access to authentication services and retained access keys post-resignation, enabling the breach.

The leaked information was not subject to mandatory encryption under Korean law. Currently, the Personal Information Protection Act in South Korea requires encryption only for payment data such as credit card numbers and unique identifiers like resident registration numbers.

Although information such as names, addresses, phone numbers, email addresses, and purchase history may seem less critical, combining these data points can create security risks.

Source: BleepingComputer