
We exist to wow our customers. We know we’re doing the right thing when we hear our customers say, “How did I ever live without Coupang?” Born out of an obsession to make shopping, eating, and living easier than ever, we are collectively disrupting the multi-billion-dollar commerce industry from the ground up and establishing an unparalleled reputation for being one of many high-performing companies and reliable force in South Korean commerce. We are proud to have the best of both worlds — a startup culture with the resources of a large global public company. This fuels us to continue our growth and launch new services at the speed we have been since our inception. We are all entrepreneurial, surrounded by opportunities to drive new initiatives and innovations. At our core, we are bold and ambitious people that like to get our hands dirty and make a hands-on impact. At Coupang, you will see yourself, your colleagues, your team, and the company grow every day. Our mission to build the future of commerce is real. We push the boundaries of what’s possible to solve problems and break traditional tradeoffs. Join Coupang now to create an epic experience in this always-on, high-tech, and hyper-connected world.

Coupang A.I CyberSecurity Scoring

Coupang

Company Details

LinkedIn ID: coupang
Number of employees: 7,994
Number of followers: 226,701
NAICS: 5112
Industry Type: Software Development
Homepage: coupang.jobs
IP Addresses: 0
Company ID: COU_3116959
Scan Status: In-progress

Coupang Risk Score (AI oriented)

Between 0 and 549

Coupang Software Development
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurers prefer the TPRM score to calculate premiums
Coupang Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Coupang Company CyberSecurity News & History

Past Incidents: 9
Attack Types: 1

Korea's largest online retailer Coupang apologizes to 34M customers for data breach
Breach
Severity: 85
Impact: 4
Seen: 12/2024
Blog:
Rankiteo Explanation
Attack with significant impact, with customer data leaks

Description: E-commerce firm Coupang, South Korea's largest online retailer, has apologized for a data-breach affecting nearly 34 million of its customers. "We express regret over the recent incident," the company said. File Photo courtesy of Coupang Dec. 1 (UPI) -- Coupang, South Korea's largest online retailer described as the country's Amazon.com, has apologized for a data breach impacting nearly 34 million of its customers. The company, which operates its global headquarters from Seattle, Wash., confirmed the cyberattack in a letter Sunday and explained that the data breach compromised customers' names, email addresses, phone numbers, shipping addresses and some order histories. "We express regret over the recent incident ... we apologize for causing inconvenience and concern," Park Dae-jun, Coupang's chief executive officer wrote in the statement. Coupang said credit card numbers, login credentials, payment information and other more sensitive information were not affected. "Coupang will do its best to prevent further damage in close cooperation with the Ministry of Science and ICT, the Personal Information Protection Commission, the Korea Internet & Security Agency, the National Police Agency and other public-private joint investigation teams," the company said. "We are reviewing what changes we can make to the data security system, so we can better protect customer information." The company said while the breach was discovered in November, it started five months ago and is su

South Korea Probes Worst Coupang Data Breach In A Decade
Breach
Severity: 85
Impact: 4
Seen: 6/2024
Blog:
Rankiteo Explanation
Attack with significant impact, with customer data leaks

Description: The personal data of more than 33 million customers was leaked in a breach believed to have started on June 24 through overseas servers. South Korean police said Monday they are tracking IP addresses and examining potential security weaknesses at Coupang after the e-commerce giant experienced the country’s most significant data breach in more than ten years. Security Failure The personal data of more than 33 million customers was leaked in a breach believed to have started on June 24 through overseas servers, though the company did not learn of the problem until November 18. South Korea’s Science Minister Bae Kyung-hoon said on Sunday that the perpetrator had “abused authentication vulnerabilities” in Coupang’s servers, adding that authorities would be investigating whether the company violated rules regarding the protection of personal information. Coupang, which is backed by Japan’s SoftBank Group, has said the breach exposed customers’ names, email addresses, phone numbers, shipping addresses and certain order histories, but not payment details or login credentials. Suspicion of China’s Involvement Broadcaster JTBC has reported that after conducting an internal investigation, Coupang suspects that a Chinese former employee, who was responsible for authentication tasks, was a key figure in the data breach. A former employee used their authentication key that was still active after the termination of the person’s contract to get access to customer information, lawmak

Coupang users concerned about possible voice phishing after data breach
Breach
Severity: 85
Impact: 4
Seen: 7/2024
Blog:
Rankiteo Explanation
Attack with significant impact, with customer data leaks

Description: When the news broke that over 33 million Coupang customers’ personal information was leaked, including names, addresses, phone numbers and their recent purchase histories — Kim Joo-young, 40, an office worker in Seoul, checked her phone immediately to change her passwords. “It felt like someone could somehow just take everything from me, including my deposits in bank and brokerage accounts without me knowing,” she said. “I thought voice phishing was something I only hear on the news, but the Coupang incident taught me this is no joke and that it could happen to anyone. And that anyone could very well be me.” On Saturday, a day after the leak was reported, she received a text claiming her “recent parcel could not be delivered.” Normally, she would have ignored it. But when the whole country is talking about leaked addresses and purchases, that message suddenly felt like a threat she couldn’t brush off. “I was extremely careful not to click on the link attached by mistake. In the past, I wouldn’t have thought twice about it, but at that moment, I was gripped by fear that I could be the next victim who would regret being careless later. I will pay extra caution when I go over messages from now on," Kim said. Similarly, Park Min-soo, 40, an office worker, said he received a phone call from someone claiming to be a Coupang courier serviceperson, telling him there was a “problem with a recent purchase.” He has not ordered anything recently, but he knew his wife did. The calle

Coupang
Breach
Severity: 85
Impact: 4
Seen: 11/2025
Blog:
Rankiteo Explanation
Attack with significant impact, with customer data leaks

Description: Coupang, a South Korean e-commerce giant, suffered a **data breach** where unauthorized access to **4,536 customer accounts** went undetected for **12 days** (from November 6 to November 18). The breach was caused by the exploitation of **signed access tokens**, allowing attackers to view sensitive customer data, including **names, phone numbers, shipping addresses, and the five most recent orders**. The company failed to detect the intrusion promptly and delayed notifying affected customers, raising concerns about its cybersecurity measures. While Coupang revoked the compromised tokens and reported the incident within the **24-hour legal deadline**, the prolonged exposure of personal data has led to criticism over its **detection capabilities and transparency**. Regulatory bodies, including the **Ministry of Science and ICT, KISA, and the Personal Information Protection Commission**, are investigating the breach’s cause and impact. The incident highlights vulnerabilities in **authentication mechanisms** and underscores the risks of **unauthorized data access** in large-scale digital platforms.

Coupang’s massive data breach undercuts national security certification
Breach
Severity: 85
Impact: 4
Seen: 12/2025
Blog:
Rankiteo Explanation
Attack with significant impact, with customer data leaks

Description: Coupang, Korea’s largest e-commerce platform, disclosed a major data leak last week affecting 33.7 million customer accounts. The scale surpasses the breach at SK Telecom, which affected 23.24 million people and resulted in the largest fine ever imposed for violations of personal information protection. It is comparable to the 2011 hacking incident that exposed data from 35 million Cyworld and Nate users. The leaked information includes customer names, email addresses, delivery addresses and phone numbers. Coupang says payment information, credit card numbers and login credentials were not compromised, and that customers need not take separate action. Still, the scale of the breach has left users uneasy. The company had reported only 4,500 affected accounts nine days earlier, a figure that turned out to be 7,500 times smaller than the actual number. Customers are advised to avoid phone calls or messages impersonating Coupang. Unlike past data leaks at telecom companies, which were typically caused by hacking, this case may involve a former employee from China. Investigators suspect he extracted customer data over five months without the company noticing. If true, the incident exposes serious flaws in Coupang’s internal controls and access management. Since 2020, the company has suffered four data breaches and been fined a total of 1.5 billion won ($1.02 million). Each time, it pledged to prevent recurrence, yet the assurances prov

Coupang's market dominance remains unshaken after data breach: analysts
Breach
Severity: 85
Impact: 4
Seen: 7/2025
Blog:
Rankiteo Explanation
Attack with significant impact, with customer data leaks

Description: Coupang's massive data breach is expected to have only a limited impact on the number of customers leaving the platform, due to the company's dominant position and differentiated services, analysts said Wednesday. The breach, which exposed the personal information of 33.7 million users, is the largest in Korean history. It reportedly occurred five months ago due to a former employee, but remained undetected until recently. Coupang shares dropped 5.36 percent on Monday (local time) following reports of the breach over the weekend. The stock, however, rebounded slightly on Tuesday, rising 0.23 percent to close at $26.71 in New York trading. Despite the negative headlines, Coupang's domestic rivals saw modest gains or remained largely unaffected. From Monday to Wednesday, Naver shares climbed 1.44 percent to 246,500 won ($167.85). Naver operates e-commerce platforms, including Naver Store and Naver Pay. Emart and Lotte Shopping also advanced 4 percent and 3.1 percent, respectively, while the benchmark KOSPI index added 2.96 percent. Coupang controlled 22.7 percent of Korea's e-commerce market by revenue last year, ahead of Naver at 20.7 percent, Gmarket and Auction at 8 percent, and SSG.com at 3 percent. Analysts say the company's flagship services — such as Rocket Delivery, a free next-day delivery service, and Coupang Play, a streaming platform — provide enough value to limit customers from leaving the platform. Even if some users do depart, rivals may see little benefit

South Korea PM Lee Nak-yon pushes stronger data protection laws after Coupang breach
Breach
Severity: 85
Impact: 4
Seen: 11/2023
Blog:
Rankiteo Explanation
Attack with significant impact, with customer data leaks

Description: Regulatory push Coupang apologises over massive data breach Coupang, South Korea's largest e-commerce platform often dubbed the “Amazon.com of South Korea,” recently faced a massive data breach. The systems of the company were illegally accessed, causing a massive data breach and affecting the personal information of 33.7 million customer accounts. The breach was first detected by the company on November 18 but it believes the unauthorised access to customer accounts began on June 24 and was executed through overseas servers. Coupang says that the compromised information is limited to basic personal data and the highly sensitive financial details remain secure. Now, the South Korean Prime Minister Lee Nak-yon has called for stronger penalties against companies that fail to protect consumer data. As reported by Reuters, Lee emphasised that the companies must face tougher consequences when they fail to protect personal information. “We cannot allow negligence in data protection to go unpunished,” he said, urging lawmakers to strengthen penalties and enforcement measures. Along with this, Lee also stressed that protecting the trust of the consumer is of critical importance for South Korea’s digital economy, which heavily relies on e-commerce and online services. He also called for closer cooperation between government agencies and private firms to prevent future breaches. For the uninitiated, South Korea already has some strict data privacy laws under the Personal Informatio

Coupang's data breach undetected for five months, triggering customer alarm
Breach
Severity: 85
Impact: 4
Seen: 6/2025
Blog:
Rankiteo Explanation
Attack with significant impact, with customer data leaks

Description: SEOUL, Nov. 30 (Yonhap) -- Anxiety and frustration are mounting following a massive data breach at e-commerce giant Coupang that local observers noted Sunday may have been ongoing for months. On Saturday, the U.S.-listed company confirmed personal information belonging to 33.7 million customers -- nearly its entire user base -- had been compromised. The breached data includes names, phone numbers, email addresses and delivery addresses. The company said payment information, credit card numbers and login credentials were not affected. "Unauthorized access to delivery-related personal information for the affected accounts appears to have been made through overseas servers since June 24," the company said. This photo shows a distribution center of e-commerce giant Coupang in Seoul on Nov. 5, 2025. (Yonhap) The company first discovered the breach on Nov. 18 and notified authorities within two days. Coupang initially reported a leak affecting approximately 4,500 customers. Police launched an investigation after receiving a complaint Tuesday to determine how the breach occurred. As the scope of the breach proves far larger than the 4,500 accounts initially reported and extends back several months earlier than first believed, customers have expressed serious concerns about potential misuse of their compromised information. The incident surpasses SK Telecom's data leak in April, affecting 23.2 million users, which resulted in a record fine of 134.8 billion won. In addition,

"The Coupang Incident Is Your Fault"...34 Million Records Breached, Yet Political Circles Continue to Shift Blame
Breach
Severity: 100
Impact: 5
Seen: 11/2024
Blog:
Rankiteo Explanation
Attack threatening the organization’s existence

Description: People Power Party: "Control Tower Failed Amid Repeated Security Breaches" DPK: "Previous Administration Failed to Address Root Causes, Security Gaps Accumulated" Park Dae-jun, CEO of Coupang, answers questions from reporters after attending an emergency ministerial meeting on the Coupang data breach at Government Complex Seoul on the afternoon of the 30th. [Joint Press] Following a massive data breach at Coupang, the leading e-commerce company in Korea, which exposed the information of approximately 34 million users, the People Power Party and the Democratic Party of Korea (DPK) have engaged in a blame game, each pointing fingers at the other. Choi Bo-yoon, chief spokesperson for the People Power Party, stated in a commentary, "A catastrophic security incident has occurred, leaking personal information on a scale that effectively covers the entire nation. This is the result of both corporate negligence in security and the government's failure in oversight." He continued, "An even more serious issue is the government's response. Although intrusion attempts began in June, they were not detected until November. Under the Lee Jae-myung administration, major security incidents have occurred at KT and Lotte Card, yet the national cybersecurity control tower has essentially failed to function." Members of the People Power Party on the Science, ICT, Broadcasting, and Communications Committee of the National Assembly also released an emergency statement, emphasizing, "Info


Underwriter Stats for Coupang

Incidents vs Software Development Industry Average (This Year)

Coupang has 589.66% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Coupang has 412.82% more incidents than the average of all companies with at least one recorded incident.

Incident Types Coupang vs Software Development Industry Avg (This Year)

Coupang reported 4 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 4 data breaches, compared to industry peers with at least 1 incident.

Incident History — Coupang (X = Date, Y = Severity)

Coupang cyber incidents detection timeline including parent company and subsidiaries



Coupang CyberSecurity News

December 04, 2025 10:25 AM
Public backlash grows as Coupang faces scrutiny over massive data leak

Coupang's data breach exposes deep concerns about South Korea's digital-security standards. Investigators probe systemic weaknesses revealed...

December 04, 2025 07:55 AM
Worries in Taiwan linger after Coupang leak hits Korea

Coupang's sweeping data leak has laid bare what many call a double standard in its cybersecurity practices, in which the company prioritizes...

December 04, 2025 06:55 AM
Coupang data leak raises concerns over possible exposure of military information

A data breach at Coupang that exposed information from roughly 33.7 million customer accounts has stirred concerns within the Korean...

December 04, 2025 05:00 AM
Crisis at Coupang: 33.7 Million Accounts Exposed in South Korea’s Largest Data Hack

Crisis for Coupang as 33.7 million accounts compromised in South Korea's biggest data breach — personal details exposed, probe launched.

December 04, 2025 04:05 AM
Gmarket CEO acknowledges recent cybersecurity case, notes timing of the incident

Gmarket CEO James Chang acknowledged a recent incident involving the suspected unauthorized use of customer information on the e-commerce...

December 04, 2025 02:56 AM
Coupang may face US SEC fine over user data breach

SEC rules require companies to disclose material cybersecurity incidents within four business days of determining their significance.

December 03, 2025 07:21 PM
Coupang's data breach starts drawing US legal attention

SEATTLE — Coupang may be heading into a new phase of legal pressure in the U.S. as investors begin to assess the fallout from the massive...

December 03, 2025 06:21 PM
Coupang Accused of Prioritizing Lobbying as It Recruits Dozens of Former Regulators and Lawmakers’ Staff

[Alpha Biz= Kim Jisun] Seoul, South Korea — Coupang hired 28 former officials from the National Assembly and government cybersecurity...

December 03, 2025 05:15 PM
Coupang Breach is Poised To Be A Landmark Case for South Korea

South Korea's National Assembly spent more than seven hours grilling Coupang Inc. executives this week about a massive data breach at the...


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

Coupang CyberSecurity History Information

Official Website of Coupang

The official website of Coupang is https://www.coupang.jobs/.

Coupang’s AI-Generated Cybersecurity Score

According to Rankiteo, Coupang’s AI-generated cybersecurity score is 363, reflecting their Critical security posture.

How many security badges does Coupang have ?

According to Rankiteo, Coupang currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Coupang have SOC 2 Type 1 certification ?

According to Rankiteo, Coupang is not certified under SOC 2 Type 1.

Does Coupang have SOC 2 Type 2 certification ?

According to Rankiteo, Coupang does not hold a SOC 2 Type 2 certification.

Does Coupang comply with GDPR ?

According to Rankiteo, Coupang is not listed as GDPR compliant.

Does Coupang have PCI DSS certification ?

According to Rankiteo, Coupang does not currently maintain PCI DSS compliance.

Does Coupang comply with HIPAA ?

According to Rankiteo, Coupang is not compliant with HIPAA regulations.

Does Coupang have ISO 27001 certification ?

According to Rankiteo, Coupang is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Coupang

Coupang operates primarily in the Software Development industry.

Number of Employees at Coupang

Coupang employs approximately 7,994 people worldwide.

Subsidiaries Owned by Coupang

Coupang presently has no subsidiaries across any sectors.

Coupang’s LinkedIn Followers

Coupang’s official LinkedIn profile has approximately 226,701 followers.

NAICS Classification of Coupang

Coupang is classified under the NAICS code 5112, which corresponds to Software Publishers.

Coupang’s Presence on Crunchbase

Yes, Coupang has an official profile on Crunchbase, which can be accessed here: https://www.crunchbase.com/organization/coupang.

Coupang’s Presence on LinkedIn

Yes, Coupang maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/coupang.

Cybersecurity Incidents Involving Coupang

As of December 11, 2025, Rankiteo reports that Coupang has experienced 9 cybersecurity incidents.

Number of Peer and Competitor Companies

Coupang has an estimated 27,532 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Coupang ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

How does Coupang detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through the following measures.

Third Party Assistance: Korea Internet & Security Agency (KISA), Ministry of Science and ICT, Personal Information Protection Commission, National Police Agency

Containment Measures: revoked signature key information for tokens

Remediation Measures: enhanced detection rules, expanded monitoring, reviewing changes to data security system

Incident Response Plan Activated: yes (notified authorities within 2 days of detection); yes (emergency ministerial meeting held); yes (internal investigation conducted)

Law Enforcement Notified: yes (police investigation launched after complaint on November 25); yes (investigation ongoing); yes (South Korean police involved)

Recovery Measures: customer advisory to avoid phishing (impersonation calls/messages)

Communication Strategy: text message to affected customers on November 18, 2023; public disclosure on November 29, with initial underreporting (4,500 accounts) corrected later; public disclosure via CEO Park Dae-jun's press interaction; political statements from People Power Party and DPK; public disclosure; customer notification (no action required for affected users); public disclosure by South Korean authorities and Coupang; public apology issued by CEO (Park Dae-jun); public apology issued; cooperation with government agencies emphasized

Incident Details

Can you provide details on each incident ?

Incident : data breach

Title: Coupang Data Breach Exposing Personal Information of Over 4,500 Customers

Description: Coupang failed to detect a data breach that exposed the personal information of more than 4,500 customers for over 10 days. Unauthorized access to user accounts occurred on November 6, 2023, at 6:38 p.m., but the breach was not detected until 12 days later, on November 18, 2023, at 10:52 p.m. The compromised data included the five most recent orders and delivery address book entries (names, phone numbers, and shipping addresses). The breach was attributed to the exploitation of a signed access token. Coupang revoked the signature key information and enhanced detection rules to prevent further unauthorized access.

Date Detected: 2023-11-18T22:52:00

Date Publicly Disclosed: 2023-11-18

Type: data breach

Attack Vector: exploitation of signed access token

Vulnerability Exploited: compromised signed access token

Incident : Data Breach

Title: Massive Data Breach at Coupang Affecting 33.7 Million Customers

Description: A massive data breach at e-commerce giant Coupang compromised personal information of 33.7 million customers, nearly its entire user base. The breach, which may have been ongoing since June 24, involved unauthorized access to delivery-related personal data (names, phone numbers, email addresses, and delivery addresses) via overseas servers. Payment information, credit card numbers, and login credentials were reportedly not affected. The company initially underreported the scale (4,500 accounts) but later confirmed the full extent after an investigation was launched. Customer anxiety and regulatory scrutiny are mounting, with comparisons drawn to SK Telecom's 23.2 million-user breach in April, which incurred a record 134.8 billion won fine.

Date Detected: 2025-11-18

Date Publicly Disclosed: 2025-11-29

Type: Data Breach

Attack Vector: Compromised Overseas Servers, Potential Insider Threat or Third-Party Vulnerability

Incident : Data Breach

Title: Coupang Massive Data Breach Exposing 34 Million Users' Information

Description: A catastrophic security incident at Coupang, Korea's leading e-commerce company, exposed the personal information of approximately 34 million users. The breach was undetected for months, with intrusion attempts beginning in June but only discovered in November. The incident has sparked political blame between the People Power Party and the Democratic Party of Korea (DPK), with accusations of corporate negligence and government oversight failure. The breach follows prior major security incidents at KT and Lotte Card under the current administration.

Date Detected: 2023-11-30

Date Publicly Disclosed: 2023-11-30

Type: Data Breach

Incident : Data Breach

Title: Coupang Major Data Leak Affecting 33.7 Million Customer Accounts

Description: Coupang, Korea’s largest e-commerce platform, disclosed a major data leak affecting 33.7 million customer accounts. The leaked information includes customer names, email addresses, delivery addresses, and phone numbers. Unlike past breaches caused by hacking, this incident may involve a former employee from China who extracted data over five months without detection. The company initially reported only 4,500 affected accounts, later revised to 33.7 million (7,500 times larger). This marks Coupang’s fourth data breach since 2020, raising concerns about internal controls and access management.

Type: Data Breach

Attack Vector: Insider Threat (Former Employee), Unauthorized Data Extraction

Vulnerability Exploited: Poor Internal Access Controls, Lack of Monitoring for Unauthorized Data Exfiltration

Threat Actor: Former Employee (Suspected, from China)

Motivation: Potentially Financial Gain (Data Theft), Unclear (Under Investigation)

Incident : Data Breach

Title: Coupang Data Breach Exposes 33 Million Customer Records

Description: The personal data of more than 33 million Coupang customers was leaked in a breach believed to have started on June 24 through overseas servers. The breach was discovered on November 18. The perpetrator, suspected to be a former Chinese employee, abused authentication vulnerabilities to access customer information, including names, email addresses, phone numbers, shipping addresses, and order histories. Payment details and login credentials were not exposed.

Date Detected: 2023-11-18

Date Publicly Disclosed: 2023-11-20

Type: Data Breach

Attack Vector: Abuse of authentication vulnerabilities via active authentication key of a former employee

Vulnerability Exploited: Authentication vulnerabilities in Coupang's servers

Threat Actor: Former Chinese employee (suspected)

Incident : Data Breach

Title: Coupang Data Breach Affecting 34 Million Customers

Description: Coupang, South Korea's largest online retailer, experienced a data breach compromising the personal information of nearly 34 million customers. The breach exposed names, email addresses, phone numbers, shipping addresses, and some order histories but did not affect credit card numbers, login credentials, or payment information. The incident was discovered in November 2023 but began five months prior. Coupang is cooperating with South Korean authorities to investigate and enhance its data security systems.

Date Detected: 2023-11-01

Date Publicly Disclosed: 2023-12-01

Type: Data Breach

Incident : Data Breach

Title: Coupang Data Breach Exposes 33 Million Customers' Personal Information

Description: A massive data breach at Coupang, South Korea's largest e-commerce platform, exposed the personal information of over 33 million customers, including names, addresses, phone numbers, and recent purchase histories. The incident triggered widespread fear of voice phishing and identity theft among affected users, who reported receiving suspicious texts and calls exploiting the leaked data.

Type: Data Breach

Motivation: Financial Gain, Fraud (e.g., voice phishing)

Incident : Data Breach

Title: Coupang Massive Data Breach

Description: Coupang, South Korea's largest e-commerce platform, faced a massive data breach affecting the personal information of 33.7 million customer accounts. The breach was first detected on November 18, but unauthorized access began on June 24 via overseas servers. Compromised data was limited to basic personal information, with financial details remaining secure. The South Korean Prime Minister called for stronger penalties and enforcement measures to protect consumer data.

Date Detected: 2023-11-18

Type: Data Breach

Attack Vector: Unauthorized access via overseas servers

Incident : Data Breach

Title: Coupang Massive Data Breach

Description: Coupang experienced a massive data breach exposing the personal information of 33.7 million users, the largest in Korean history. The breach occurred five months ago due to a former employee but remained undetected until recently.

Type: Data Breach

Threat Actor: Former Employee

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Breach.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through exploited signed access token, Overseas servers (unauthorized access), Internal Access (Former Employee), Active authentication key of a former employee and Overseas servers.

Impact of the Incidents

What was the impact of each incident ?

Incident : data breach COU4132641112125

Data Compromised: Names, Phone numbers, Shipping addresses, Five most recent orders, Delivery address book entries

Systems Affected: user account profiles

Brand Reputation Impact: criticism for delayed detection and disclosure

Legal Liabilities: investigation by Ministry of Science and ICT, KISA, and Personal Information Protection Commission

Identity Theft Risk: potential (due to exposed PII)

Incident : Data Breach COU1764467849

Data Compromised: Names, Phone numbers, Email addresses, Delivery addresses

Systems Affected: Delivery-Related Databases, Overseas Servers

Customer Complaints: Mounting anxiety and frustration among customers

Brand Reputation Impact: Severe; potential long-term trust erosion

Legal Liabilities: Potential regulatory fines (comparable to SK Telecom's 134.8 billion won penalty)

Identity Theft Risk: High (due to exposure of PII)

Payment Information Risk: None (explicitly stated as unaffected)

Incident : Data Breach COU1764496624

Data Compromised: Personal information of ~34 million users (effectively covering the entire nation)

Brand Reputation Impact: Severe (political blame game, national-scale criticism)

Identity Theft Risk: High (given scale of personal data exposure)

Incident : Data Breach COU1764518078

Data Compromised: Customer names, Email addresses, Delivery addresses, Phone numbers

Operational Impact: Loss of Customer Trust, Reputational Damage

Customer Complaints: Increased Unease Among Users

Brand Reputation Impact: Severe Damage Due to Repeated Breaches, Loss of Credibility in Data Protection

Legal Liabilities: Potential Fines (Historical Fines: 1.5 Billion KRW / $1.02 Million)

Identity Theft Risk: High (Due to PII Exposure)

Payment Information Risk: None (Payment Info and Login Credentials Reportedly Uncompromised)

Incident : Data Breach COU1764583559

Data Compromised: Names, Email addresses, Phone numbers, Shipping addresses, Order histories

Systems Affected: Coupang's customer database servers

Brand Reputation Impact: Significant (largest data breach in South Korea in over a decade)

Legal Liabilities: Potential violation of personal information protection rules (under investigation)

Identity Theft Risk: High (personal data of 33M+ customers exposed)

Payment Information Risk: None (payment details not compromised)

Incident : Data Breach COU1764633465

Data Compromised: Names, Email addresses, Phone numbers, Shipping addresses, Order histories

Brand Reputation Impact: Negative (public apology issued)

Identity Theft Risk: Low (no sensitive financial or login data exposed)

Payment Information Risk: None (payment information not affected)

Incident : Data Breach COU1764662280

Data Compromised: Names, Addresses, Phone numbers, Purchase histories

Customer Complaints: Increased (reports of suspicious texts/calls exploiting leaked data)

Brand Reputation Impact: Significant (widespread public fear and distrust)

Identity Theft Risk: High (customers reported targeted phishing attempts)

Payment Information Risk: Indirect (fear of linked financial accounts being targeted via phishing)

Incident : Data Breach COU1764684623

Data Compromised: Basic personal information of 33.7 million customer accounts

Brand Reputation Impact: Potential damage due to loss of consumer trust

Legal Liabilities: Potential penalties under South Korea's Personal Information Protection Act (PIPA)

Identity Theft Risk: High (due to exposure of personal data)

Payment Information Risk: None (financial details reported as secure)

Incident : Data Breach COU1764771660

Data Compromised: Personal information of 33.7 million users

Brand Reputation Impact: Negative headlines, stock drop of 5.36%

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Order History, Delivery Addresses, Personal Identifiable Information (PII), Personal Information, Personally Identifiable Information (PII), Personal Identifiable Information (PII), Order Histories, Personal Information, Contact Details, Order Histories, Personally Identifiable Information (PII), Transaction/Purchase History, Basic personal information and Personal information.

Which entities were affected by each incident ?

Incident : data breach COU4132641112125

Entity Name: Coupang

Entity Type: e-commerce

Industry: retail

Location: South Korea

Customers Affected: 4,536

Incident : Data Breach COU1764467849

Entity Name: Coupang

Entity Type: E-Commerce

Industry: Retail/Logistics

Location: Seoul, South Korea (HQ); U.S.-listed

Size: 33.7 million customers (nearly entire user base)

Customers Affected: 33.7 million

Incident : Data Breach COU1764496624

Entity Name: Coupang

Entity Type: E-commerce Company

Industry: Retail / Technology

Location: South Korea

Size: Large (leading e-commerce platform)

Customers Affected: 34,000,000

Incident : Data Breach COU1764518078

Entity Name: Coupang

Entity Type: E-commerce Platform

Industry: Retail / E-commerce

Location: South Korea

Size: Large (Korea’s Largest E-commerce Platform)

Customers Affected: 33.7 Million

Incident : Data Breach COU1764583559

Entity Name: Coupang

Entity Type: E-commerce

Industry: Retail

Location: South Korea

Size: Large (33M+ customers affected)

Customers Affected: 33,000,000+

Incident : Data Breach COU1764633465

Entity Name: Coupang

Entity Type: E-commerce

Industry: Retail

Location: Seoul, South Korea (HQ in Seattle, Washington, USA)

Size: Large (South Korea's largest online retailer)

Customers Affected: 34,000,000

Incident : Data Breach COU1764662280

Entity Name: Coupang

Entity Type: E-commerce Platform

Industry: Retail/Online Shopping

Location: South Korea

Size: Large (over 33 million customers affected)

Customers Affected: 33,000,000+

Incident : Data Breach COU1764684623

Entity Name: Coupang

Entity Type: E-commerce Platform

Industry: Retail / E-commerce

Location: South Korea

Size: Large (33.7 million customers affected)

Customers Affected: 33.7 million

Incident : Data Breach COU1764771660

Entity Name: Coupang

Entity Type: E-commerce

Industry: Retail

Location: South Korea

Customers Affected: 33.7 million

Response to the Incidents

What measures were taken in response to each incident ?

Incident : data breach COU4132641112125

Incident Response Plan Activated: True

Third Party Assistance: Korea Internet & Security Agency (KISA), Ministry of Science and ICT, Personal Information Protection Commission

Containment Measures: revoked signature key information for tokens

Remediation Measures: enhanced detection rules, expanded monitoring

Communication Strategy: text message to affected customers on November 18, 2023

Incident : Data Breach COU1764467849

Incident Response Plan Activated: Yes (notified authorities within 2 days of detection)

Law Enforcement Notified: Yes (police investigation launched after complaint on November 25)

Communication Strategy: Public disclosure on November 29; initial underreporting (4,500 accounts) corrected later

Incident : Data Breach COU1764496624

Incident Response Plan Activated: Yes (emergency ministerial meeting held)

Communication Strategy: Public disclosure via CEO Park Dae-jun's press interaction; political statements from People Power Party and DPK

Incident : Data Breach COU1764518078

Law Enforcement Notified: Yes (Investigation Ongoing)

Recovery Measures: Customer Advisory to Avoid Phishing (Impersonation Calls/Messages)

Communication Strategy: Public Disclosure, Customer Notification (No Action Required for Affected Users)

Incident : Data Breach COU1764583559

Incident Response Plan Activated: Yes (internal investigation conducted)

Law Enforcement Notified: Yes (South Korean police involved)

Communication Strategy: Public disclosure by South Korean authorities and Coupang

Incident : Data Breach COU1764633465

Incident Response Plan Activated: True

Third Party Assistance: Ministry of Science and ICT, Personal Information Protection Commission, Korea Internet & Security Agency, National Police Agency

Remediation Measures: Reviewing changes to data security system

Communication Strategy: Public apology issued by CEO (Park Dae-jun)

Incident : Data Breach COU1764684623

Communication Strategy: Public apology issued; cooperation with government agencies emphasized

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as Yes (notified authorities within 2 days of detection), Yes (emergency ministerial meeting held), Yes (internal investigation conducted).

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Korea Internet & Security Agency (KISA), Ministry of Science and ICT, Personal Information Protection Commission, Ministry of Science and ICT, Personal Information Protection Commission, Korea Internet & Security Agency, National Police Agency.

Data Breach Information

What type of data was compromised in each breach ?

Incident : data breach COU4132641112125

Type of Data Compromised: Personal information, Order history, Delivery addresses

Number of Records Exposed: 4,536

Sensitivity of Data: moderate (PII including names, phone numbers, addresses)

Incident : Data Breach COU1764467849

Type of Data Compromised: Personal identifiable information (PII)

Number of Records Exposed: 33.7 million

Sensitivity of Data: Moderate to High (PII but no financial/payment data)

Data Exfiltration: Yes (via overseas servers)

Personally Identifiable Information: Names, Phone Numbers, Email Addresses, Delivery Addresses

Incident : Data Breach COU1764496624

Type of Data Compromised: Personal Information

Number of Records Exposed: 34,000,000

Sensitivity of Data: High (nationwide scale)

Data Exfiltration: Yes

Personally Identifiable Information: Yes

Incident : Data Breach COU1764518078

Type of Data Compromised: Personally identifiable information (PII)

Number of Records Exposed: 33.7 Million

Sensitivity of Data: Moderate to High (PII but No Payment Data)

Data Exfiltration: Yes (Over Five Months)

Personally Identifiable Information: Names, Email Addresses, Delivery Addresses, Phone Numbers

Incident : Data Breach COU1764583559

Type of Data Compromised: Personal identifiable information (PII), Order histories

Number of Records Exposed: 33,000,000+

Sensitivity of Data: High (PII but no payment details or login credentials)

Data Exfiltration: Yes (via overseas servers)

Personally Identifiable Information: names, email addresses, phone numbers, shipping addresses

Incident : Data Breach COU1764633465

Type of Data Compromised: Personal information, Contact details, Order histories

Number of Records Exposed: 34,000,000

Sensitivity of Data: Moderate (no financial or login credentials exposed)

Incident : Data Breach COU1764662280

Type of Data Compromised: Personally identifiable information (PII), Transaction/purchase history

Number of Records Exposed: 33,000,000+

Sensitivity of Data: High (enables targeted phishing, identity theft, and financial fraud)

Data Exfiltration: Yes

Personally Identifiable Information: Full Names, Physical Addresses, Phone Numbers, Purchase Records

Incident : Data Breach COU1764684623

Type of Data Compromised: Basic personal information

Number of Records Exposed: 33.7 million

Sensitivity of Data: Moderate (non-financial personal data)

Data Exfiltration: Yes (accessed via overseas servers)

Personally Identifiable Information: Yes (e.g., names, contact details)

Incident : Data Breach COU1764771660

Type of Data Compromised: Personal information

Number of Records Exposed: 33.7 million

Personally Identifiable Information: Yes

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: enhanced detection rules, expanded monitoring, , Reviewing changes to data security system.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through revoked signature key information for tokens.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Data Breach COU1764583559

Data Exfiltration: Yes (via overseas servers)

How does the company recover data encrypted by ransomware ?

Data Recovery from Ransomware: The company recovers data encrypted by ransomware through Customer Advisory to Avoid Phishing (Impersonation Calls/Messages).

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : data breach COU4132641112125

Regulations Violated: Korea’s Act on Promotion of Information and Communications Network Utilization and Information Protection (24-hour breach reporting requirement met)

Legal Actions: investigation ongoing by regulatory bodies

Regulatory Notifications: reported to authorities within 24 hours of discovery (November 19, 2023, at 9:35 p.m.)

Incident : Data Breach COU1764467849

Legal Actions: Police investigation ongoing

Regulatory Notifications: Authorities notified within 2 days of detection (November 20)

Incident : Data Breach COU1764518078

Regulations Violated: Personal Information Protection Act (South Korea)

Fines Imposed: Historical Fines: 1.5 Billion KRW ($1.02 Million); Potential New Fines Pending

Regulatory Notifications: Likely (Given Scale and Past Violations)

Incident : Data Breach COU1764583559

Regulations Violated: Potential violation of South Korean personal information protection rules (under investigation)

Legal Actions: Investigation ongoing by South Korean authorities

Regulatory Notifications: Disclosed by South Korea’s Science Minister and police

Incident : Data Breach COU1764633465

Regulatory Notifications: Ministry of Science and ICT, Personal Information Protection Commission

Incident : Data Breach COU1764684623

Regulations Violated: South Korea's Personal Information Protection Act (PIPA)

Legal Actions: Potential penalties and enforcement measures urged by South Korean Prime Minister

How does the company ensure compliance with regulatory requirements ?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through investigation ongoing by regulatory bodies, Police investigation ongoing, Investigation ongoing by South Korean authorities, Potential penalties and enforcement measures urged by South Korean Prime Minister.

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : Data Breach COU1764518078

Lessons Learned: Need for Stricter Internal Access Controls and Monitoring, Importance of Accurate Initial Breach Reporting, Risks of Insider Threats and Long-Term Data Exfiltration, Reputational Costs of Repeated Breaches

Incident : Data Breach COU1764662280

Lessons Learned: Heightened public awareness of phishing risks post-breach; customers reported increased vigilance in verifying unsolicited communications (e.g., texts/calls referencing leaked purchase data).

What recommendations were made to prevent future incidents ?

Incident : Data Breach COU1764518078

Recommendations: Implement Robust Insider Threat Detection Systems, Enhance Data Access Logging and Anomaly Monitoring, Conduct Regular Audits of Employee Access Rights, Improve Transparency in Breach Disclosures, Strengthen Customer Communication During Incidents

Incident : Data Breach COU1764684623

Recommendations: Strengthen penalties for data protection negligence, Enhance cooperation between government agencies and private firms, Improve monitoring and detection of unauthorized access, especially from overseas servers

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are Need for Stricter Internal Access Controls and Monitoring, Importance of Accurate Initial Breach Reporting, Risks of Insider Threats and Long-Term Data Exfiltration, Reputational Costs of Repeated Breaches, and Heightened public awareness of phishing risks post-breach; customers reported increased vigilance in verifying unsolicited communications (e.g., texts/calls referencing leaked purchase data).

References

Where can I find more information about each incident ?

Incident : data breach COU4132641112125

Source: The Korea Herald

Incident : Data Breach COU1764467849

Source: Yonhap News Agency

Date Accessed: 2025-11-30

Incident : Data Breach COU1764496624

Source: Joint Press (Government Complex Seoul)

Date Accessed: 2023-11-30

Incident : Data Breach COU1764496624

Source: People Power Party Statement (Science, ICT, Broadcasting, and Communications Committee)

Date Accessed: 2023-11-30

Incident : Data Breach COU1764518078

Source: Audio Report (Reporters, Read by AI)

Incident : Data Breach COU1764518078

Source: Historical Context: SK Telecom Breach (23.24M Affected) and 2011 Cyworld/Nate Hack (35M Affected)

Incident : Data Breach COU1764583559

Source: JTBC (South Korean broadcaster)

Incident : Data Breach COU1764583559

Source: South Korean Police and Science Ministry statements

Incident : Data Breach COU1764633465

Source: UPI (United Press International)

Date Accessed: 2023-12-01

Incident : Data Breach COU1764684623

Source: Reuters

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at: The Korea Herald; Yonhap News Agency (Date Accessed: 2025-11-30); Joint Press (Government Complex Seoul) (Date Accessed: 2023-11-30); People Power Party Statement (Science, ICT, Broadcasting, and Communications Committee) (Date Accessed: 2023-11-30); Audio Report (Reporters, Read by AI); Historical Context: SK Telecom Breach (23.24M Affected) and 2011 Cyworld/Nate Hack (35M Affected); JTBC (South Korean broadcaster); South Korean Police and Science Ministry statements; UPI (United Press International) (Date Accessed: 2023-12-01); and Reuters.

Investigation Status

What is the current status of the investigation for each incident ?

Incident : data breach COU4132641112125

Investigation Status: ongoing (by Ministry of Science and ICT, KISA, and Personal Information Protection Commission)

Incident : Data Breach COU1764467849

Investigation Status: Ongoing (police investigating breach origins and scope)

Incident : Data Breach COU1764496624

Investigation Status: Ongoing (political and technical scrutiny)

Incident : Data Breach COU1764518078

Investigation Status: Ongoing (Suspected Insider Threat from Former Employee)

Incident : Data Breach COU1764583559

Investigation Status: Ongoing (police tracking IP addresses, examining security weaknesses)

Incident : Data Breach COU1764633465

Investigation Status: Ongoing (joint public-private investigation)

Incident : Data Breach COU1764684623

Investigation Status: Ongoing (as of report date)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Text Message To Affected Customers On November 18, 2023, Public disclosure on November 29; initial underreporting (4,500 accounts) corrected later, Public disclosure via CEO Park Dae-jun's press interaction; political statements from People Power Party and DPK, Public Disclosure, Customer Notification (No Action Required For Affected Users), Public disclosure by South Korean authorities and Coupang, Public apology issued by CEO (Park Dae-jun) and Public apology issued; cooperation with government agencies emphasized.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : data breach COU4132641112125

Customer Advisories: text message notification to affected customers

Incident : Data Breach COU1764496624

Stakeholder Advisories: Emergency ministerial meeting held; public statements by People Power Party and DPK

Incident : Data Breach COU1764518078

Stakeholder Advisories: Customers Advised To Beware Of Phishing (Impersonation Scams).

Customer Advisories: No Immediate Action Required; Monitor for Suspicious Communications

Incident : Data Breach COU1764633465

Customer Advisories: Public apology and notification issued

Incident : Data Breach COU1764662280

Customer Advisories: Customers advised to change passwords and exercise caution with unsolicited messages (e.g., fake delivery notifications).

Incident : Data Breach COU1764684623

Customer Advisories: Public apology issued; customers advised to monitor personal information

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: Text Message Notification To Affected Customers, Emergency ministerial meeting held; public statements by People Power Party and DPK, Customers Advised To Beware Of Phishing (Impersonation Scams), No Immediate Action Required; Monitor For Suspicious Communications, Public apology and notification issued, Customers advised to change passwords and exercise caution with unsolicited messages (e.g., fake delivery notifications), and Public apology issued; customers advised to monitor personal information.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : data breach COU4132641112125

Entry Point: exploited signed access token

High Value Targets: User Account Profiles

Data Sold on Dark Web: User Account Profiles

Incident : Data Breach COU1764467849

Entry Point: Overseas servers (unauthorized access)

Reconnaissance Period: Potentially since June 24, 2025 (undetected for ~5 months)

High Value Targets: Customer PII Databases

Data Sold on Dark Web: Customer PII Databases

Incident : Data Breach COU1764496624

Reconnaissance Period: June 2023 to November 2023 (undetected for ~5 months)

Incident : Data Breach COU1764518078

Entry Point: Internal Access (Former Employee)

Reconnaissance Period: Five Months (Undetected Data Extraction)

High Value Targets: Customer PII Database

Data Sold on Dark Web: Customer PII Database

Incident : Data Breach COU1764583559

Entry Point: Active authentication key of a former employee

High Value Targets: Customer database (PII and order histories)

Data Sold on Dark Web: Customer database (PII and order histories)

Incident : Data Breach COU1764633465

Reconnaissance Period: 5 months (breach began ~June 2023, detected November 2023)

Incident : Data Breach COU1764662280

High Value Targets: Customer PII, Purchase Histories

Data Sold on Dark Web: Customer PII, Purchase Histories

Incident : Data Breach COU1764684623

Entry Point: Overseas servers

Reconnaissance Period: June 24 to November 18 (approx. 5 months)

High Value Targets: Customer personal data

Data Sold on Dark Web: Customer personal data

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : data breach COU4132641112125

Root Causes: Failure To Detect Unauthorized Access Promptly, Exploitation Of Signed Access Token

Corrective Actions: Revoked Compromised Tokens, Enhanced Detection Rules, Expanded Monitoring

Incident : Data Breach COU1764496624

Root Causes: Corporate Negligence In Security, Government Oversight Failure, Delayed Detection (Intrusion Attempts Began In June, Detected In November), Accumulated Security Gaps From Prior Incidents (KT, Lotte Card)

Incident : Data Breach COU1764518078

Root Causes: Inadequate Internal Controls For Data Access, Failure To Detect Prolonged Data Exfiltration, Lack Of Employee Monitoring Post-Termination, Repeated Breaches Indicating Systemic Security Weaknesses

Incident : Data Breach COU1764583559

Root Causes: Authentication vulnerabilities; failure to deactivate former employee's access credentials

Incident : Data Breach COU1764633465

Corrective Actions: Reviewing data security system enhancements

Incident : Data Breach COU1764771660

Root Causes: Former employee

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Korea Internet & Security Agency (KISA), Ministry of Science and ICT, Personal Information Protection Commission; Ministry of Science and ICT, Personal Information Protection Commission, Korea Internet & Security Agency, National Police Agency.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Revoked Compromised Tokens, Enhanced Detection Rules, Expanded Monitoring, Reviewing data security system enhancements.

Additional Questions

General Information

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking groups in the last incident were a Former Employee (Suspected, from China), a Former Chinese employee (suspected) and a Former Employee.

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2023-11-18T22:52:00.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2023-12-01.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident were names, phone numbers, shipping addresses, five most recent orders, delivery address book entries; Names, Phone Numbers, Email Addresses, Delivery Addresses; Personal information of ~34 million users (effectively covering the entire nation); Customer Names, Email Addresses, Delivery Addresses, Phone Numbers; names, email addresses, phone numbers, shipping addresses, order histories; Names, Addresses, Phone Numbers, Purchase Histories; Basic personal information of 33.7 million customer accounts; and Personal information of 33.7 million users.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were user account profiles, Delivery-Related Databases, Overseas Servers and Coupang's customer database servers.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Korea Internet & Security Agency (KISA), Ministry of Science and ICT, Personal Information Protection Commission; Ministry of Science and ICT, Personal Information Protection Commission, Korea Internet & Security Agency, National Police Agency.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measure taken in the most recent incident was: revoked signature key information for tokens.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach were names, shipping addresses, Names, Phone Numbers, Email Addresses, delivery address book entries, Customer Names, Basic personal information of 33.7 million customer accounts, Addresses, Personal information of 33.7 million users, Delivery Addresses, phone numbers, Purchase Histories, email addresses, order histories, five most recent orders and Personal information of ~34 million users (effectively covering the entire nation).

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 268.8M.

Regulatory Compliance

What was the highest fine imposed for a regulatory violation ?

Highest Fine Imposed: The highest fine imposed for a regulatory violation was Historical Fines: 1.5 Billion KRW ($1.02 Million); Potential New Fines Pending.

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was investigation ongoing by regulatory bodies, Police investigation ongoing, Investigation ongoing by South Korean authorities, Potential penalties and enforcement measures urged by South Korean Prime Minister.

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was Reputational Costs of Repeated Breaches, Heightened public awareness of phishing risks post-breach; customers reported increased vigilance in verifying unsolicited communications (e.g., texts/calls referencing leaked purchase data).

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were Conduct Regular Audits of Employee Access Rights, Strengthen Customer Communication During Incidents, Strengthen penalties for data protection negligence, Implement Robust Insider Threat Detection Systems, Enhance cooperation between government agencies and private firms, Enhance Data Access Logging and Anomaly Monitoring, Improve Transparency in Breach Disclosures, and Improve monitoring and detection of unauthorized access, especially from overseas servers.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Historical Context: SK Telecom Breach (23.24M Affected) and 2011 Cyworld/Nate Hack (35M Affected), Audio Report (Reporters, Read by AI), Reuters, People Power Party Statement (Science, ICT, Broadcasting, and Communications Committee), Joint Press (Government Complex Seoul), South Korean Police and Science Ministry statements, UPI (United Press International), The Korea Herald, Yonhap News Agency and JTBC (South Korean broadcaster).

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is ongoing (by Ministry of Science and ICT, KISA, and Personal Information Protection Commission).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Emergency ministerial meeting held; public statements by People Power Party and DPK, Customers Advised to Beware of Phishing (Impersonation Scams).

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were text message notification to affected customers, No Immediate Action Required; Monitor for Suspicious Communications, Public apology and notification issued, Customers advised to change passwords and exercise caution with unsolicited messages (e.g., fake delivery notifications), and Public apology issued; customers advised to monitor personal information.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry points used by an initial access broker were Overseas servers (unauthorized access), exploited signed access token, Overseas servers and Active authentication key of a former employee.

What was the most recent reconnaissance period for an incident ?

Most Recent Reconnaissance Period: The most recent reconnaissance period for an incident was Potentially since June 24, 2025 (undetected for ~5 months), June 2023 to November 2023 (undetected for ~5 months), Five Months (Undetected Data Extraction), 5 months (breach began ~June 2023, detected November 2023), June 24 to November 18 (approx. 5 months).

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root cause identified in post-incident analysis was failure to detect unauthorized access promptly, exploitation of signed access token; Corporate negligence in security, Government oversight failure, Delayed detection (intrusion attempts began in June, detected in November), Accumulated security gaps from prior incidents (KT, Lotte Card); Inadequate Internal Controls for Data Access, Failure to Detect Prolonged Data Exfiltration, Lack of Employee Monitoring Post-Termination, Repeated Breaches Indicating Systemic Security Weaknesses; Authentication vulnerabilities; failure to deactivate former employee's access credentials; Former employee.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective action taken based on post-incident analysis was revoked compromised tokens, enhanced detection rules, expanded monitoring, Reviewing data security system enhancements.


Latest Global CVEs (Not Company-Specific)

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.

Risk Information
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare() + execute() without semantic restrictions. This is consistent with the name (“write tool”), but in an LLM/agent context it becomes a high-risk capability: prompt injection or indirect prompt manipulation can cause execution of destructive queries such as DROP TABLE, TRUNCATE, DELETE, ALTER, or privilege-related statements (subject to DB permissions). Deployments that expose an agent with MySQLWriteTool enabled to untrusted input and/or run the tool with a DB user that has broad privileges are impacted. This issue is fixed in version 2.8.12.

Risk Information
cvss3
Base: 9.4
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Description

Neuron is a PHP framework for creating and orchestrating AI Agents. Versions 2.8.11 and below use MySQLSelectTool, which is vulnerable to Read-Only Bypass. MySQLSelectTool is intended to be a read-only SQL tool (e.g., for LLM agent querying); however, validation based on the first keyword (e.g., SELECT) and a forbidden-keyword list does not block file-writing constructs such as INTO OUTFILE / INTO DUMPFILE. As a result, an attacker who can influence the tool input (e.g., via prompt injection through a public agent endpoint) may write arbitrary files to the DB server if the MySQL/MariaDB account has the FILE privilege and server configuration permits writes to a useful location (e.g., a web-accessible directory). This issue is fixed in version 2.8.12.

Risk Information
cvss3
Base: 8.2
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Description

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.

Risk Information
cvss3
Base: 8.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Description

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.

Risk Information
cvss3
Base: 5.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=coupang' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.