Seoul: Anxiety and frustration are mounting following a massive data breach at e-commerce giant Coupang that local observers noted Sunday may have been ongoing for months. On Saturday, the U.S.-listed company confirmed personal information belonging to 33.7 million customers -- nearly its entire user base -- had been compromised.
According to Yonhap News Agency, the breached data includes names, phone numbers, email addresses, and delivery addresses. The company stated that payment information, credit card numbers, and login credentials were not affected. "Unauthorized access to delivery-related personal information for the affected accounts appears to have been made through overseas servers since June 24," the company disclosed.
The government on Sunday held an emergency meeting of relevant ministries, led by Science Minister Bae Kyung-hoon, and vowed to conduct a thorough investigation into the incident. "The government received a report about a data breach from Coupang on Nov. 19 and launched a probe the following day," said Bae. He added that the unidentified attacker exploited a vulnerability in Coupang's server verification process to leak the personal data of more than 30 million users.
"The private-public joint team is conducting a comprehensive investigation and devising measures to prevent further damage," he continued. "Investigators are also examining whether Coupang violated security guidelines on data protection." The police reportedly have identified at least one suspect in the case, informed sources said.
The suspect is believed to be a former Chinese employee of Coupang, who is no longer with the company and has left the country, according to the sources. The police launched an investigation after receiving a complaint on Tuesday. The company first discovered the breach on Nov. 18 and notified authorities within two days. Coupang initially reported a leak affecting approximately 4,500 customers.
As the scope of the breach proves far larger than the 4,500 accounts initially reported and extends back several months earlier than first believed, customers have expressed serious concerns about the potential misuse of their compromised information. The incident surpasses SK Telecom's data leak in April, affecting 23.2 million users, which resulted in a record fine of 134.8 billion won.
The full extent of the damage may increase as the investigation progresses. In a recent data breach case, Lotte Card initially denied on Sept. 4 that financial details had been breached, but retracted the statement two weeks later, admitting sensitive information including credit card numbers had been compromised.
Coupang offered a public apology Sunday over the data breach incident. "We express our regret for the recent incident at Coupang that began on June 24," the company said in a statement issued under the name of its Chief Executive Officer (CEO) Park Dae-jun. "We sincerely apologize for causing significant inconvenience and concern to the public." The company stated it will make utmost efforts to strengthen its data protection and security systems and will fully cooperate with authorities to prevent further damage.