The Seoul Metropolitan Police has identified the suspect of a large-scale data breach affecting Coupang, an Amazon-like e-commerce platform that is popular in South Korea.
The incident dates back June 2025, when Coupang detected unauthorized access to delivery-related personal information from an overseas location.
Early reports suggested 4500 accounts were believed to be affected. However, the company now estimates that the personal data of 33.7 million customers has been exposed, including names, emails, email addresses and phone numbers.
The reviewed impact of the Coupang data breach was shared in a November 29 update reported by Yonhap, South Korea’s national news agency.
Payment information, credit card numbers and login credentials were not accessed, noted Coupang.
“The access route has been blocked and internal monitoring strengthened,” Coupang said in a November 20 press release.
Seoul Police Identify Data Breach Suspect
On December 1, Yonhap reported that the Seoul Metropolitan Police had identified a suspect and was tracking them, following a one-week investigation prompted by Coupang’s formal complaint against an unidentified person on charges of intruding into an information and communications network.
The individual, believed to be a former Coupang employee, is a Chinese national who has since left South Korea. The police are still investigating whether the individual is the person who sent an email to Coupang threatening to disclose the breach.
“We are analyzing server logs submitted by Coupang,” an official with the Seoul Metropolitan Police told Yonhap.
“We have secured the IP used by the suspect in the crime and are tracking them down.”
The official said the police are working together with relevant ministries to prepare to analyse voice phishing (vishing) or SMS phishing (smishing) samples in connection with the data breach.
