South Korea’s largest online retailer, Coupang, apologised on Sunday after personal information from 33.7 million customer accounts was taken through unauthorised access. The company’s chief executive, Park Dae-jun, said sorry on the firm’s website and asked customers to accept the apology.
Coupang said the breach exposed names, email addresses, phone numbers, shipping addresses and some order histories. The company said payment details and login passwords were not taken. It believes the unauthorised access began on June 24 through overseas servers, and that it first learned of the problem on November 18 and reported it to the authorities.
The government held an emergency meeting and is checking whether the company broke rules on protecting personal data. The Korea Internet & Security Agency warned people affected to watch out for phishing scams. Coupang said it is working with police and regulators to find out what happened.
Yonhap reported that a former Chinese employee of Coupang is suspected of being behind the breach, and police are investigating after the company filed a complaint. The company serves many Koreans with its fast “Rocket” deliveries and had about 24.7 million active users in the third quarter, making the incident a major concern for customers and regulators.