Coupang faces criticism for months-long customer data breach

A former Coupang employee suspected of involvement in the company’s massive personal data leak resigned in December last year. Even after leaving the company, the employee continued to access customer information for nearly a year using an electronic signature key that remained active in Coupang’s internal authentication system without restrictions.

During a policy inquiry session of the National Assembly’s Committee on Science, ICT, Broadcasting and Communications on Dec. 2, lawmakers confirmed that the leak continued for about five months, from June 24 to Nov. 8. Since the inquiry also confirmed that the individual left the company in December last year, further investigation could reveal that both the duration of the leak and the volume of compromised data are greater than currently known.

Coupang CEO Park Dae-jun said the employee was not responsible for authentication operations but was a developer who built the authentication system,” adding, “All access privileges for former employees have been revoked.” However, the company did not provide clear answers on how customer information could still be leaked after the employee left or why the authentication key remained accessible. The individual is reportedly now in China, and authorities plan to request investigative cooperation from Chinese law enforcement in the coming days.

Lawmakers from both parties strongly criticized Coupang for what they described as a lax response to the massive data breach. Rep. Han Min-su of the Democratic Party of Korea said, “The year 2025 will be remembered as the year when the true nature of Coupang, the country’s top e-commerce platform with annual sales exceeding 40 trillion won, was exposed.” Committee Chair Choi Min-hee cited the company’s inadequate responses and raised the possibility of holding a parliamentary hearing.


남혜정 기자 namduck2@donga.com