People Power Party: "Control Tower Failed Amid Repeated Security Breaches" DPK: "Previous Administration Failed to Address Root Causes, Security Gaps Accumulated"
사진 확대 Park Dae-jun, CEO of Coupang, answers questions from reporters after attending an emergency ministerial meeting on the Coupang data breach at Government Complex Seoul on the afternoon of the 30th. [Joint Press]
Following a massive data breach at Coupang, the leading e-commerce company in Korea, which exposed the information of approximately 34 million users, the People Power Party and the Democratic Party of Korea (DPK) have engaged in a blame game, each pointing fingers at the other.
Choi Bo-yoon, chief spokesperson for the People Power Party, stated in a commentary, "A catastrophic security incident has occurred, leaking personal information on a scale that effectively covers the entire nation. This is the result of both corporate negligence in security and the government's failure in oversight."
He continued, "An even more serious issue is the government's response. Although intrusion attempts began in June, they were not detected until November. Under the Lee Jae-myung administration, major security incidents have occurred at KT and Lotte Card, yet the national cybersecurity control tower has essentially failed to function."
Members of the People Power Party on the Science, ICT, Broadcasting, and Communications Committee of the National Assembly also released an emergency statement, emphasizing, "Info
Source: https://www.mk.co.kr/en/business/11480601
Coupang cybersecurity rating report: https://www.rankiteo.com/company/coupang
"id": "COU1764496624",
"linkid": "coupang",
"type": "Breach",
"date": "11/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '34,000,000',
'industry': 'Retail / Technology',
'location': 'South Korea',
'name': 'Coupang',
'size': 'Large (leading e-commerce '
'platform)',
'type': 'E-commerce Company'}],
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Yes',
'file_types_exposed': None,
'number_of_records_exposed': '34,000,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (nationwide scale)',
'type_of_data_compromised': 'Personal '
'Information'},
'date_detected': '2023-11-30',
'date_publicly_disclosed': '2023-11-30',
'description': 'A catastrophic security incident at Coupang, '
"Korea's leading e-commerce company, exposed the "
'personal information of approximately 34 million '
'users. The breach was undetected for months, '
'with intrusion attempts beginning in June but '
'only discovered in November. The incident has '
'sparked political blame between the People Power '
'Party and the Democratic Party of Korea (DPK), '
'with accusations of corporate negligence and '
'government oversight failure. The breach follows '
'prior major security incidents at KT and Lotte '
'Card under the current administration.',
'impact': {'brand_reputation_impact': 'Severe (political blame '
'game, national-scale '
'criticism)',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Personal information of ~34 '
'million users (effectively '
'covering the entire nation)',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High (given scale of personal '
'data exposure)',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': 'June 2023 to '
'November '
'2023 '
'(undetected '
'for ~5 '
'months)'},
'investigation_status': 'Ongoing (political and technical '
'scrutiny)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': ['Corporate negligence '
'in security',
'Government oversight '
'failure',
'Delayed detection '
'(intrusion attempts '
'began in June, '
'detected in '
'November)',
'Accumulated security '
'gaps from prior '
'incidents (KT, Lotte '
'Card)']},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': '2023-11-30',
'source': 'Joint Press (Government Complex '
'Seoul)',
'url': None},
{'date_accessed': '2023-11-30',
'source': 'People Power Party Statement '
'(Science, ICT, Broadcasting, and '
'Communications Committee)',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Public disclosure via '
"CEO Park Dae-jun's press "
'interaction; political '
'statements from People '
'Power Party and DPK',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Yes (emergency '
'ministerial '
'meeting held)',
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'stakeholder_advisories': 'Emergency ministerial meeting held; '
'public statements by People Power '
'Party and DPK',
'title': "Coupang Massive Data Breach Exposing 34 Million Users' "
'Information',
'type': ['Data Breach', 'Cybersecurity Failure']}