Top South Korean e-commerce firm Coupang apologises over massive data breach

By Ju Min Park

SEOUL, Nov 30 (Reuters) – South Korea’s largest online retailer Coupang apologized on Sunday for the breach of personal information on 33.7 million customer accounts through unauthorized data access.

“Once again, we sincerely apologize for any inconvenience to our customers,” Park ‌Dae-jun, CEO of the company called South Korea’s Amazon.com, said on its website.

The incident was the latest in a series of data leaks at major South Korean companies, including SK Telecom.

Science and ICT Minister Bae Kyung-‍hoon said the government, which held an emergency meeting on Sunday, is investigating whether Coupang violated security rules on protecting personal information.

Coupang said in a statement on Saturday that it learned of the data breach on Nov. 18 and reported it to authorities. He said he was working with law enforcement and regulatory authorities.

The company, whose services are ubiquitous to many Koreans who use its “Rocket” express deliveries, said it had 24.7 million active business users in the third quarter.

Yonha News Agency reported Sunday that a former Chinese employee at Coupang was suspected of being behind the breach. Yonha said Coupang filed a complaint with police this month and police investigated, without naming sources of information.

Coupang could not immediately be reached for comment after business hours.

Coupang said the breach exposed customers’ names, email addresses, phone numbers, shipping addresses and certain order histories, but not payment details or login credentials.

It was stated that it is believed that unauthorized access to personal information began on June 24 through offshore servers.

The government-run Korean Internet and Security ⁠Agency issued a public advisory for those affected by the breach, warning them about phishing scams.

‌(Reporting by Ju-min Park, Seoul; Editing by Matthew ‌Lewis, Sonali Paul and William Mallard)