South Korea’s largest online retailer, Coupang, has publicly apologized after confirming a massive breach of personal data affecting 33.7 million customer accounts. The company disclosed the breach on November 29–30, 2025, reporting the incident immediately to authorities and launching cooperation with law enforcement and regulators.

The exposed information includes users’ names, email addresses, phone numbers, shipping addresses, and parts of order histories — but according to Coupang, payment information and login credentials were not compromised.

The breach is believed to have begun on June 24, 2025, via unauthorized access through overseas servers, and went undetected until November 18. The intrusion is suspected to have been carried out by a former employee now reportedly outside of South Korea.

In a statement, Coupang’s CEO Park Dae-jun said: “We sincerely apologise once again for causing our customers inconvenience.” The company pledged to strengthen internal security measures and work closely with authorities.

The data breach has triggered broad concern from both customers and regulators. The Korea Internet & Security Agency (KISA) issued warnings urging affected users to be alert for potential phishing calls, texts or other scam attempts spoofing the company.

As the investigation continues, the incident raises serious questions about internal data-protection practices at major tech and e-commerce firms in South Korea — especially when former employees are suspected of insider data leaks.

For now, Coupang urges its customers to remain vigilant, though it says no action is required regarding their accounts. Still, with personal contact and delivery data now exposed, experts warn that risk of phishing or identity-theft attempts could rise significantly.