South Korea’s e-commerce giant has confirmed a massive data breach of over 33 million customers.
According to Coupang, the unauthorized access began on June 24 and went unnoticed until for November 18. Initial assessment revealed that only 4500 accounts were affected, however upon further analysis they discovered that the information of 33.7 million users was affected.
The company issued a public apology acknowledging the breach stemmed from unauthorized access which went undetected for months.
“We sincerely apologise once again for causing our customers inconvenience”
Coupang stated the breach exposed customer’s names, email address, phone numbers, shipping addresses and certain other histories but payment details or log in credentials were not compromised.
Police confirmed that two different emails were sent, warning about a possible data leak. One of the messages was sent to Coupang customers whiles the other was sent to the customer service team. Authorities suspect the sender who claimed to possess customer information to be a former Coupang worker who handled authentication and access systems.
Police in Seoul reported that they have obtained Coupang’s server logs and are analyzing them to determine who carried out the breach. Investigators are also working to verify the suspect’s nationality, location and whether the person who sent the email is the one behind the data breach.
“We are analysing server logs submitted by Coupang. We have secured the IP used by the suspect and are tracking them down”, an official at the Seoul Metropolitan Police said.
Coupang was established in 2010 by Bom Kim, a Korean American entrepreneur and Harvard graduate. It is the country’s most popular e commerce platform which has taken over family-owned conglomerates like Shinsegae and is often described as the equivalent of Amazon.com.
Coupang provides overnight delivery of fresh food and daily necessities is one of the most widely used platforms in South Korea.
Under the South Koreas laws, data breach can face fine of up to 3 percent of their revenue. After a breach in April, SK Telecom Co., the country’s top mobile carrier received a fine of 134.8 million won (US$91.7 million).