South Korea | BleepingComputer
Coupang to split $1.17 billion among 33.7 million data breach victims
Monday, December 29, 2025
What
Coupang, a major U.S.-based online retailer operating in South Korea, disclosed a significant data breach affecting 33.7 million customers, exposing names, email addresses, physical addresses, and order information. In response, the company committed $1.17 billion in total compensation, distributed as four single-use purchase vouchers totaling 50,000 won (around $34) per customer, starting January 15, 2026. The breach, which occurred on June 24 but was discovered in mid-November, was attributed to a former IT employee who accessed customer data.
Where
The primary impact is on customers in South Korea, where Coupang operates as the largest retailer. The company itself is a U.S.-based tech and online retail firm.
When
The data breach occurred on June 24, but was discovered in mid-November. The compensation announcement was made on December 29, 2025, with distribution set to begin on January 15, 2026. The perpetrator worked for Coupang between November 2022 and some point in 2024.
Key Factors
- The breach was attributed to a 43-year-old Chinese national who previously worked in Coupang's IT department, highlighting the critical insider threat posed by disgruntled or malicious former employees with retained system access.
- Investigators, including national police and cybersecurity firms like Mandiant and Palo Alto Networks, successfully recovered crucial evidence, including the former employee's desktop hard drives and a MacBook Air laptop that was retrieved from a river, where it had been disposed of to destroy evidence.
- While the perpetrator accessed 33 million accounts, Coupang's investigation indicates that user data was retained from approximately 3,000 accounts, and the company asserts the data was not transferred to third parties and was subsequently deleted from the suspect's devices.
Takeaways
- Organizations must implement robust offboarding procedures to immediately revoke all system access for departing employees, especially those in privileged IT roles, to prevent insider threats and data exfiltration.
- The substantial compensation package and the involvement of national police and external cybersecurity experts underscore the severe reputational and financial consequences of large-scale data breaches, particularly in highly regulated markets.
- Companies should regularly audit and monitor employee access to sensitive data, employing data loss prevention (DLP) solutions and user behavior analytics (UBA) to detect unusual activity and prevent unauthorized data exfiltration.