Coupang Claims Data Leak Contained to 3,000 Users; Government Calls it 'Unilateral'

Coupang says its data leak crisis is over. The South Korean government says the investigation has just begun. E-commerce giant Coupang announced on December 25th that it had contained a data breach caused by a former employee, but the government swiftly refuted the announcement as a "unilateral claim," escalating a public dispute over the incident's true scale.

According to a Yonhap report, Coupang stated in a press release that the suspect used stolen security keys to access information from approximately 33 million accounts. However, the company claimed data from only about 3,000 customers was actually saved and later deleted. Coupang insisted that an internal investigation found no evidence of the data being shared with third parties.

Coupang's Internal Findings

The company said it identified the former employee using forensic evidence and that the individual had confessed. The accessed information reportedly included names, email addresses, phone numbers, and home addresses. Coupang stressed that sensitive data like payment information or login credentials was not breached and that it has secured all devices involved, including a hard drive.

The Government's Swift Rebuttal

The government's response was sharp and immediate. The Ministry of Science and ICT stated it "strongly protested Coupang over its unilateral announcement," clarifying that the results of an official probe are not yet available. Last month, the government formed a private-public joint team to investigate the breach, which it initially stated affected 33.7 million users. "What Coupang claimed has not been verified by the team," the ministry said.