Seoul, December 02, 2025
South Korea’s largest e-commerce platform, Coupang, has disclosed a major data breach affecting nearly 34 million customer accounts. The breach, which occurred between June and November 2025, involved unauthorized access via exploitation of the company’s electronic signature key, potentially exposing sensitive personal and transaction data.
Scope and Impact of the Breach
This incident compromises approximately 33.7 to 34 million users, representing nearly half of South Korea’s population. As the dominant player in the country’s e-commerce sector, Coupang’s vast customer base being compromised raises immediate concerns about the extent and sensitivity of the exposed data. The breach potentially affects a wide spectrum of individuals, intensifying risks of identity theft and financial fraud.
Cause of the Breach
Authorized officials have confirmed that attackers exploited Coupang’s electronic signature key, a critical security credential used for validating transactions and communications. This security gap allowed unauthorized parties to penetrate the company’s data systems and access protected customer information over several months.
Corporate and Government Response
Coupang has publicly acknowledged the breach, issuing an apology and communicating its commitment to cooperate fully with South Korean authorities. The company is actively working to contain the situation, investigate the breach in depth, and enhance its cybersecurity infrastructure to prevent future incidents. Government agencies have confirmed the timeline of the breach and the method of compromise, underscoring the seriousness of the security lapse.
National Significance and Security Concerns
Given Coupang’s pivotal role in South Korea’s digital economy, the breach stands as one of the largest and most impactful in the nation’s history. It highlights significant vulnerabilities in data protection practices and the risks inherent in managing sensitive digital credentials like electronic signature keys. The incident also draws attention to the persistent dangers of insider threats and inadequate cybersecurity measures in major business operations.
Recommendations for Customers and Businesses
Affected customers are urged to remain vigilant by monitoring their accounts for any unusual activities, promptly changing passwords, and enabling two-factor authentication wherever available. For other businesses, this breach serves as a critical reminder to rigorously audit and secure electronic signature keys and review access controls to limit exposure to similar attacks.
As Coupang and regulatory bodies work to manage the aftermath, this breach exemplifies the urgent need for strengthened cybersecurity protocols not only across South Korea but worldwide, especially in e-commerce platforms that handle extensive personal data and financial transactions.