Coupang Breach Proves We're Asking The Wrong Question About Data...

Posted on Dec 23

• Originally published at harwoodlabs.xyz

The cybersecurity industry just witnessed South Korea's largest e-commerce breach, with Coupang exposing 33.7 million customer records to attackers who had unfettered access for five months. The predictable chorus has begun: better encryption, stronger access controls, improved monitoring. Industry vendors are already positioning their solutions as the answer.

The Coupang breach isn't a failure of cybersecurity,it's a damning indictment of business models built on compulsive data hoarding. While security professionals debate encryption standards and access management, we're ignoring the fundamental question: why did Coupang need to collect and store most of this data in the first place?

The uncomfortable truth is that modern e-commerce platforms have become data vacuum cleaners, sucking up every possible data point not because they need it operationally, but because the surveillance economy has convinced us that more data always equals more value. We've built businesses on the assumption that collecting everything is not just acceptable, but essential for competitiveness.

Look at what actually leaked from Coupang: user names, phone numbers, email addresses, delivery address books, and purchase histories. On the surface, this seems like the minimum viable dataset for an e-commerce operation. You need to know who's buying, where to ship it, and how to contact them about problems.

But dig deeper into modern e-commerce data practices, and the operational necessity quickly evaporates.

Take delivery addresses. Coupang stored complete "address books" for users,not just their current shipping address, but historical addresses, alternative addresses, workplace addresses, addresses of family members they've shipped gifts to. The operational requirement is knowing where to deliver today's order. Everything else is surveillance dressed up as convenience.

Purchase history presents an even starker example. Coupang maintained detailed records of what customers bought, when they bought it, how much they paid, and likely much more granular behavioral data. The operational requirement for purchase history extends maybe 30-60 days for returns and customer service. Everything beyond that serves one purpose: building psychological profiles for marketing and behavioral manipulation.

Phone numbers reveal the same pattern. E-commerce platforms collect multiple phone numbers per user,home,

Source: Dev.to