NewKerala.com

Coupang Claims Data Leak Limited to 3,000, But Government Disputes "Unilateral" Report

Coupang announced it recovered all leaked personal data, which it says involved only about 3,000 customers and was not shared externally, attributing the breach to a former employee. However, the South Korean government immediately disputed this as a "unilateral claim," stating the official joint investigation is still ongoing and Coupang's findings are unverified. The company maintains that while basic info from millions of accounts was accessed, only a tiny fraction was saved and no sensitive payment data was compromised. The incident highlights tensions between corporate crisis communication and official regulatory investigations into major data security events.

Key Points: Coupang Data Leak: 3,000 Users Affected, Gov't Disputes Claim

  • Former employee accessed 33M accounts
  • Data saved from only ~3,000
  • No evidence of external transfer
  • Government disputes Coupang's claims
  • Joint investigation ongoing
2 min read

Coupang says former employee saved data from only 3,000 customers, no external leak

Coupang says a former employee saved data from only 3,000 customers with no external leak, but the South Korean government calls the announcement premature.

"The government strongly protested Coupang over its unilateral announcement about the matter that is currently under investigation. - Ministry of Science and ICT"

Seoul, Dec 25

E-commerce giant Coupang said on Thursday it has recovered all leaked personal information involving approximately 3,000 customers, adding that no data has been transferred to anyone outside the company.

In a press release, Coupang said it has identified a former employee responsible for the data leak by using forensic evidence, adding that the individual confessed and provided a detailed account of how customer information was accessed, reports Yonhap news agency.

The suspect used stolen security keys to access basic customer information from approximately 33 million accounts, the company said.

However, data from only about 3,000 accounts was actually saved and later deleted by the suspect.

An internal investigation found no evidence that any customer data was shared with or transmitted to third parties, the company said, adding it has also secured all devices used to access and store customer information, including a hard drive.

The accessed information included customers' names, email addresses, phone numbers, home addresses and other details, according to the company.

Coupang stressed that there was no breach of sensitive information, such as payment information, login credentials or customs clearance numbers.

The announcement by Coupang followed news reports that the presidential office was set to hold an emergency meeting with relevant government officials on the case on the day.

But the government refuted Coupang's announcement as a "unilateral claim," saying the results of a private-government joint team's probe into the data leak have yet to come out.

"(The government) strongly protested Coupang over its unilateral announcement about the matter that is currently under investigation by the joint team," the Ministry of Science and ICT said.

Last month, the government set up a private-public joint team to investigate the data breach at Coupang that affected 33.7 million users.

"The private-public joint team is closely looking into the kinds and extent of the data breach, and how the data leaked," the science ministry said. "What Coupang claimed has not been verified by the team."

- IANS

Share this article:

Reader Comments

S
Sarah B
As someone who shops online frequently, this is terrifying. Names, addresses, phone numbers... that's enough for serious harassment or fraud. Glad no payment info was leaked, but basic details in the wrong hands are dangerous enough. Companies need better internal security protocols.
P
Priya S
The fact that a *former* employee still had access to security keys is a massive red flag. What's the point of offboarding if access isn't revoked? This is basic IT hygiene. Coupang's internal controls seem very weak. 😬
V
Vikram M
Interesting to see the government pushing back. In India, we often see companies make such announcements to control the narrative before an official probe is complete. The joint team's findings will be crucial. Trust, but verify.
R
Rohit P
"Only 3000 customers" – that's still 3000 too many! This casual downplaying by corporations is the problem. Each of those 3000 people deserves an apology and compensation, not just a press release. Hope the Korean authorities impose a hefty fine.
M
Meera T
A good lesson for Indian e-commerce giants as well. Data is the new oil, and it must be protected like a national treasure. Employee access should be on a strict need-to-know basis with multiple layers of authentication. Jai Hind!

We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.

Leave a Comment

Minimum 50 characters 0/50