South Korea is facing its most serious cybersecurity scandal to date after investigators traced the massive Coupang data breach to a former employee who retained access to internal systems long after leaving the company. The revelation has intensified scrutiny on the e-commerce giant, triggered police raids, and forced the company’s CEO to resign.
How the Coupang data breach came to light
Coupang first disclosed the incident on December 1, 2025. At the time, the company admitted that personal data belonging to 33.7 million customers had been exposed. The compromised information included names, email addresses, physical addresses, and order histories.
However, the timeline immediately raised questions. The breach itself occurred on June 24, yet Coupang claims it only detected the intrusion on November 18, nearly five months later. That delay alone sparked public outrage and regulatory concern.
Although Coupang assured customers that the stolen data had not surfaced online, authorities chose to proceed independently. Earlier this week, the Seoul Metropolitan Police Agency raided Coupang’s offices to secure internal evidence.
Former employee identified as main suspect
As the investigation progressed, police identified a 43-year-old former employee as the primary suspect behind the breach. According to local reports, the individual joined Coupang in late 2022 and worked on an authentication management system, a highly sensitive area of the company’s infrastructure.
Despite leaving the company in 2024, the former employee allegedly retained system access. Investigators believe he exploited that access months later to extract customer data. Authorities also say the suspect has already left South Korea, complicating the investigation.
This detail has shifted the narrative dramatically. Instead of an external cyberattack, the Coupang data breach now appears to stem from internal access failures — one of the most damaging scenarios for any large technology company.
Police raid deepens scrutiny of Coupang’s security practices
During a second day of searches, police collected internal documents, access logs, IP records, authentication histories, and system credentials. Investigators are now working to determine how access controls failed and why privileges were not revoked after the employee’s departure.
While authorities currently classify Coupang as the victim, they have made one point clear: if negligence is proven, the company — and specific employees responsible for data protection — could face legal liability.
This stance places Coupang under intense pressure, especially given its scale. The company employs roughly 95,000 people and generates more than $30 billion in annual revenue, making it South Korea’s largest online retailer.
CEO resigns as fallout escalates
On Wednesday, Coupang CEO Park Dae-Jun announced his resignation. In a public statement, he apologized for failing to prevent what officials now describe as the worst cybersecurity breach in South Korea’s history.
The resignation did little to calm public anger. Instead, it underscored the severity of the incident and reinforced concerns that basic internal security controls may have failed at the highest levels.
Phishing surge follows the Coupang data breach
Meanwhile, the breach has already produced real-world consequences. Police report a sharp rise in phishing attacks impersonating Coupang, affecting an estimated two-thirds of South Korea’s population. Authorities have received hundreds of complaints since the beginning of the month.
Even without confirmed data leaks on underground forums, the exposed customer information has proven enough to fuel large-scale fraud attempts.
Why the Coupang data breach matters beyond Korea
The case highlights a growing global problem: insider risk combined with delayed detection. As companies expand rapidly, access management failures can create silent vulnerabilities that remain undetected for months.
The Coupang data breach now serves as a cautionary example for enterprises worldwide. Strong perimeter defenses mean little if internal access controls are not rigorously enforced and audited.
As the investigation continues, regulators, consumers, and global tech firms alike will be watching closely. The outcome may shape how companies handle employee access — and how governments respond when internal failures expose millions.
Read also
Join the discussion in our Facebook community.