![[Editorial] No excuse for Coupang’s mismanagement of buyer knowledge](https://flexible.img.hani.co.kr/flexible/normal/800/533/imgdb/original/2025/1201/5517645766983587.webp "[Editorial] No excuse for Coupang’s mismanagement of buyer knowledge")
Coupang CEO Park Dae-jun bows in apology whereas addressing reporters on the central authorities complicated in Seoul on Nov. 30, 2025, following an emergency assembly with heads of related companies in response to a buyer knowledge leak by the e-commerce large. (Kim Hye-yun/Hankyoreh)
Private knowledge related to 33.7 million buyer accounts on Coupang, South Korea’s largest e-commerce platform, has been leaked. What’s worse is that this leak of data for primarily all Coupang customers had been occurring for at the very least 5 months — all whereas the agency remained oblivious.
Contemplating the sheer scale of the leak, rigorous motion must be taken in response to make sure that Koreans aren’t put at additional threat.
The Korean authorities introduced Sunday plans to type a public-private joint group to research the incident. The leak concerned buyer names, electronic mail addresses, telephone numbers, addresses, and a portion of consumers’ buy histories.
It appears like anybody who has ever bought something on Coupang has had their knowledge leaked. Coupang maintains that prospects’ cost knowledge, bank card numbers, and login info weren’t affected.
Nevertheless, investigations of different hacking incidents have revealed that it’s too early to relaxation straightforward, because the exact extent of the harm has but to be decided. A main concern includes “smishing” — sending malicious hyperlinks by way of textual content messages — and different forms of secondary harm.
Primarily based on investigations of different hacking incidents, we can’t rule out the potential of the data leaked being compiled to determine particular person customers. The federal government should do every thing attainable to stop additional hurt to shoppers.
Moreover, this incident was reportedly not the results of an outdoor hack however was an inside job. On Nov. 20, Coupang introduced that the info leak had affected 4,500 customers. Over every week later, on Saturday, this quantity was revised to 33.7 million. Furthermore, the info leak started round June 24, however the firm had been unaware of it.
If the correct techniques had been in place, staff would have entry to totally different classes of knowledge primarily based on their degree of authorization. But the corporate seems to have been unaware of a single worker accessing and leaking all the buyer database. How might this probably be true?
Furthermore, the perpetrator exploited a weak point in Coupang’s inside authentication techniques, accessing over 30 million buyer accounts with out even logging in.
Coupang can’t keep away from requires it to take accountability for sloppily managing buyer knowledge. Investigators should work completely to find out what precisely led to such mismanagement.
The federal government may now not stand by whereas these knowledge leaks and hacks proceed taking place. From telecommunications companies to monetary firms, and now e-commerce platforms, providers utilized by most Koreans preserve getting hacked and having their inside knowledge leaked.
This isn’t one thing that may be resolved by a easy apology from the agency’s CEO. There must be an intensive investigation to see if the state’s lax oversight and slap-on-the-wrist punishments incentivized companies to neglect investments in knowledge safety. We’d like extra elementary and forceful preventative measures.
Please direct questions or feedback to [english@hani.co.kr]
