E-commerce firm Coupang, South Korea's largest online retailer, has apologized for a data-breach affecting nearly 34 million of its customers. "We express regret over the recent incident," the company said. File Photo courtesy of Coupang
Dec. 1 (UPI) -- Coupang, South Korea's largest online retailer described as the country's Amazon.com, has apologized for a data breach impacting nearly 34 million of its customers.
The company, which operates its global headquarters from Seattle, Wash., confirmed the cyberattack in a letter Sunday and explained that the data breach compromised customers' names, email addresses, phone numbers, shipping addresses and some order histories.
"We express regret over the recent incident ... we apologize for causing inconvenience and concern," Park Dae-jun, Coupang's chief executive officer wrote in the statement.
Coupang said credit card numbers, login credentials, payment information and other more sensitive information were not affected.
"Coupang will do its best to prevent further damage in close cooperation with the Ministry of Science and ICT, the Personal Information Protection Commission, the Korea Internet & Security Agency, the National Police Agency and other public-private joint investigation teams," the company said. "We are reviewing what changes we can make to the data security system, so we can better protect customer information."
The company said while the breach was discovered in November, it started five months ago and is su
Coupang cybersecurity rating report: https://www.rankiteo.com/company/coupang
"id": "COU1764633465",
"linkid": "coupang",
"type": "Breach",
"date": "12/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '34,000,000',
'industry': 'Retail',
'location': 'Seoul, South Korea (HQ in '
'Seattle, Washington, USA)',
'name': 'Coupang',
'size': "Large (South Korea's largest "
'online retailer)',
'type': 'E-commerce'}],
'customer_advisories': 'Public apology and notification issued',
'data_breach': {'data_encryption': None,
'data_exfiltration': True,
'file_types_exposed': None,
'number_of_records_exposed': '34,000,000',
'personally_identifiable_information': True,
'sensitivity_of_data': 'Moderate (no financial '
'or login credentials '
'exposed)',
'type_of_data_compromised': ['personal '
'information',
'contact details',
'order histories']},
'date_detected': '2023-11-01',
'date_publicly_disclosed': '2023-12-01',
'description': "Coupang, South Korea's largest online retailer, "
'experienced a data breach compromising the '
'personal information of nearly 34 million '
'customers. The breach exposed names, email '
'addresses, phone numbers, shipping addresses, '
'and some order histories but did not affect '
'credit card numbers, login credentials, or '
'payment information. The incident was discovered '
'in November 2023 but began five months prior. '
'Coupang is cooperating with South Korean '
'authorities to investigate and enhance its data '
'security systems.',
'impact': {'brand_reputation_impact': 'Negative (public apology '
'issued)',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['names',
'email addresses',
'phone numbers',
'shipping addresses',
'order histories'],
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'Low (no sensitive financial '
'or login data exposed)',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'None (payment '
'information not '
'affected)',
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': '5 months '
'(breach '
'began ~June '
'2023, '
'detected '
'November '
'2023)'},
'investigation_status': 'Ongoing (joint public-private '
'investigation)',
'post_incident_analysis': {'corrective_actions': 'Reviewing data '
'security '
'system '
'enhancements',
'root_causes': None},
'references': [{'date_accessed': '2023-12-01',
'source': 'UPI (United Press International)',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': ['Ministry '
'of '
'Science '
'and ICT',
'Personal '
'Information '
'Protection '
'Commission']},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Public apology issued by '
'CEO (Park Dae-jun)',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': 'Reviewing changes to data '
'security system',
'third_party_assistance': ['Ministry of Science and '
'ICT',
'Personal Information '
'Protection Commission',
'Korea Internet & '
'Security Agency',
'National Police '
'Agency']},
'title': 'Coupang Data Breach Affecting 34 Million Customers',
'type': 'Data Breach'}