South Korean e-commerce giant Coupang is grappling with one of the country's largest data breaches after unauthorized access to its systems compromised the personal information of nearly 34 million customers.

The intrusion went undetected for over five months before being discovered, the company confirmed.

The breach, which affected approximately 33.7 million user accounts in South Korea, was initially thought to be limited. On November 18, Coupang identified that about 4,500 accounts had been exposed. However, a subsequent investigation revealed the true scale of the incident, tracing the unauthorized access back to June 24, 2025.

According to information shared with TechCrunch, the compromised data includes customer names, email addresses, phone numbers, shipping addresses, and partial order histories. The company stated that more sensitive financial data, such as payment information and login passwords, remained secure and was not accessed.

Coupang, which operates the popular "Rocket Delivery" service and is a major retail force in Asia, has reported the incident to South Korean authorities. Police have identified at least one suspect: a former Chinese employee of the company who is now residing abroad. The company confirmed that its marketplaces in Japan and Taiwan were not affected.

This breach represents a severe security and reputational lapse for the online retailer, which has suffered smaller data leaks in the past. It strikes a significant blow to consumer trust in a platform used by a vast majority of South Korea's population.

The incident is part of a troubling trend of major cybersecurity failures in South Korea this year, raising renewed concerns about data protection standards in the country's digital economy. Coupang stated it is notifying affected customers and has urged users to monitor their accounts for suspicious activity.

Analysts say the breach underscores the persistent vulnerabilities within global e-commerce infrastructures and serves as a critical reminder for corporations to continuously audit and fortify their cyber defenses. The fallout is likely to intensify scrutiny from regulators and may prompt broader calls for legislative action on data security. (ILKHA)