Coupang has confirmed that personal information from about 33.7 million customer accounts was exposed. The figure is sharply higher than the 4,500 cases first reported on Nov. 18.
Coupang said the exposed data was limited to names, email addresses, address books containing names, phone numbers and addresses, and some order information. It said payment information, credit card numbers and login details were not included.
Coupang said the incident is believed to have stemmed from unauthorised access through overseas servers. It said it views June 24, 2025, as the initial access date. The company said it blocked the access path after confirming the breach, strengthened internal monitoring and hired external security experts to investigate.
Coupang said customers do not need to take separate action because payment and login data were not leaked. It urged caution against calls or messages impersonating the company due to the risk of smishing.
Coupang apologised for the inconvenience and concern caused and said all employees are focusing on resolving the issue and carrying out follow-up measures.
Seulgi Son
sageson@d-today.co.kr